35 lines
1.0 KiB
MySQL
35 lines
1.0 KiB
MySQL
|
/* Required for the gen_random_bytes function */
|
||
|
|
CREATE EXTENSION pgcrypto;
|
||
|
|
|
||
|
|
CREATE FUNCTION password_hash(salt_hex char(32), pass bytea)
|
||
|
|
RETURNS char(96)
|
||
|
|
LANGUAGE plpgsql
|
||
|
|
AS
|
||
|
|
$$
|
||
|
|
BEGIN
|
||
|
|
RETURN (
|
||
|
|
SELECT
|
||
|
|
salt_hex ||
|
||
|
|
encode(
|
||
|
|
sha256(
|
||
|
|
decode(salt_hex, 'hex') || /* salt in binary */
|
||
|
|
pass /* password */
|
||
|
|
),
|
||
|
|
'hex'
|
||
|
|
)
|
||
|
|
);
|
||
|
|
END;
|
||
|
|
$$;
|
||
|
|
|
||
|
|
/* Password has to be able to accommodate 96 characters instead of previous 64.
|
||
|
|
* It can't be char(96), because then the password would be padded to 96 characters. */
|
||
|
|
ALTER TABLE public."user" ALTER COLUMN "password" TYPE varchar(96) USING "password"::varchar;
|
||
|
|
|
||
|
|
/* Update all users with salted and hashed passwords */
|
||
|
|
UPDATE public.user
|
||
|
|
SET password = password_hash( encode(gen_random_bytes(16),'hex'), password::bytea);
|
||
|
|
|
||
|
|
/* After the password hashing, all passwords are now hex encoded 32 characters salt and 64 characters hash,
|
||
|
|
* and the varchar type is not longer necessary. */
|
||
|
|
ALTER TABLE public."user" ALTER COLUMN "password" TYPE char(96) USING "password"::varchar;
|