benedmunds / CodeIgniter-Ion-Auth

Simple and Lightweight Auth System for CodeIgniter
http://benedmunds.com/ion_auth/
MIT License
2.34k stars, 1.14k forks

Unable to rehash the password #1580

Closed AdnanLatif closed 1 year ago

AdnanLatif commented 1 year ago

Hello,

I hope this message finds you well. I have been using IonAuth with CodeIgniter 2 and recently migrated to CodeIgniter 4.3.4. Overall, the transition has been smooth, but I've encountered an issue regarding the password hashing technique used by IonAuth.

In the previous version (IonAuth 2), SHA1 was utilized for password hashing. However, in the latest version (IonAuth 4), bcrypt is now the default hashing algorithm. According to your update documentation, the login process should automatically rehash the passwords using bcrypt, ensuring a seamless transition for users. However, when attempting to log in, an error message is displayed indicating that the username or password is incorrect. The issue is resolved if I manually update the password values in the database using online bcrypt encryption.

To mitigate this problem, I am seeking guidance on how to rehash the users' passwords properly within IonAuth 4. I understand that asking the users to update their passwords manually is not an ideal solution. Therefore, I would greatly appreciate your advice on how to handle this situation and ensure a smooth password migration process for my users.

Thank you in advance for your assistance.

AdnanLatif commented 1 year ago

@benedmunds @bvrignaud Please look into this.

benedmunds commented 1 year ago

Hey Adnan,

Ion Auth v4 doesn't support SHA1 passwords at all. Ion Auth v3 had the automatic migration. If you need that then you could implement some similar logic in your controller around the login process, the logic is here:

https://github.com/benedmunds/CodeIgniter-Ion-Auth/blob/3/models/Ion_auth_model.php#LL343C16-L343C16

https://github.com/benedmunds/CodeIgniter-Ion-Auth/blob/3/models/Ion_auth_model.php#L2740

Or another option would be to use v3 until the majority of your users have migrated to bcrypt, then upgrade to v4. I'd recommend writing similar logic though so you can continue updating the hashes over time.
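The "verify with the legacy scheme, then rehash with bcrypt on successful login" approach that the reply recommends wrapping around the login process, as an added example. This is not Ion Auth's own code (the project's v3 implementation is in the files linked above); it is a standalone sketch that assumes a PDO connection, a `users` table with `id`, `password` and `salt` columns, and that legacy rows hold `sha1(salt . password)` in hex. The legacy scheme is an assumption: adapt `legacyVerify()` to whatever the old install actually stored, otherwise every legacy user will keep failing login exactly as described in the issue.

```php
<?php
// Added example: transparent upgrade of a legacy SHA1 password hash to bcrypt
// at login time. Not Ion Auth's code. Assumptions (not from the issue):
//  - legacy rows store hex sha1(salt . password) in `password` and the salt in `salt`
//  - a PDO connection and a `users` table with columns id, password, salt
declare(strict_types=1);

const BCRYPT_OPTIONS = ['cost' => 12];

// bcrypt hashes are self-describing ($2y$...); anything else is treated as legacy.
function isBcryptHash(string $hash): bool
{
    return password_get_info($hash)['algoName'] === 'bcrypt';
}

// ASSUMED legacy scheme: sha1(salt . password). hash_equals() avoids a
// timing side channel when comparing the stored digest with the candidate.
function legacyVerify(string $password, string $storedHash, string $salt): bool
{
    return hash_equals($storedHash, sha1($salt . $password));
}

// Persist the new bcrypt hash and drop the legacy salt, which bcrypt embeds itself.
function storeHash(PDO $db, int $userId, string $hash): void
{
    $stmt = $db->prepare('UPDATE users SET password = :hash, salt = NULL WHERE id = :id');
    $stmt->execute([':hash' => $hash, ':id' => $userId]);
}

// Returns true only if the password is correct. On success a legacy hash is
// replaced with bcrypt; an existing bcrypt hash is rehashed only when the cost changed.
function verifyAndUpgrade(PDO $db, array $user, string $password): bool
{
    $userId = (int) $user['id'];

    if (isBcryptHash($user['password'])) {
        if (!password_verify($password, $user['password'])) {
            return false;
        }
        if (password_needs_rehash($user['password'], PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
            storeHash($db, $userId, password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS));
        }
        return true;
    }

    // Legacy path: a wrong password leaves the row untouched, so a failed
    // attempt can never downgrade or corrupt the stored credential.
    if (!legacyVerify($password, $user['password'], (string) ($user['salt'] ?? ''))) {
        return false;
    }
    storeHash($db, $userId, password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS));
    return true;
}

// Constructed demo: one legacy user in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password TEXT NOT NULL, salt TEXT)');
$salt = 'constructed-salt';
$db->prepare('INSERT INTO users (id, password, salt) VALUES (1, ?, ?)')
   ->execute([sha1($salt . 'correct horse battery'), $salt]);

$user = $db->query('SELECT * FROM users WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
var_dump(verifyAndUpgrade($db, $user, 'wrong password'));         // rejected, row unchanged
var_dump(verifyAndUpgrade($db, $user, 'correct horse battery'));  // accepted, row upgraded

$user = $db->query('SELECT * FROM users WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
var_dump(isBcryptHash($user['password']));                        // the stored hash is now bcrypt
var_dump(verifyAndUpgrade($db, $user, 'correct horse battery'));  // second login uses bcrypt only
```

Two points worth keeping when adapting this to a real controller: the upgrade only happens inside a successful login, so accounts that never log in stay on SHA1 indefinitely and should be tracked (a count of rows whose `password` is not a bcrypt string is a useful migration metric), and once the migration is considered complete the legacy branch should be removed so the weaker scheme cannot be reached at all.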