Closed RobertHeim closed 3 years ago
I think that in this line it is implicitly assumed that the hash is argon2; the extraction on its own assumes it's argon2 and would need to contain a $, but it does not, and hence this fails with an index out of bounds for hash algorithms that do not contain a $ sign in the hash:
https://github.com/dreezey/argon2-password-hash-provider/blob/67d91193af519c317a7618aa81afe6fb67573d05/src/main/java/be/cronos/keycloak/utils/Argon2EncodingUtils.java#L38
I have sent a pull request to fix it. Would be happy to get a 2.0.1 release for it.
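The failure described above comes from indexing into the result of splitting a stored credential on "$" before checking that the credential is an argon2 hash at all. Below is an added example (not the provider's own code, and not the fix from the pull request) of a defensive parser for PHC-style argon2 strings: it validates the prefix, field count and parameter block and returns an empty Optional for anything else, such as a pbkdf2-sha256 credential without any "$", so the caller can fall back to re-hashing instead of crashing. The class and field names are assumptions for illustration.

```java
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical defensive parser for "$argon2id$v=19$m=65536,t=3,p=4$<salt>$<hash>".
public final class Argon2HashParser {

    // Hypothetical holder for the parsed fields.
    public static final class ParsedHash {
        public final String variant;   // argon2i, argon2d or argon2id
        public final int version;      // e.g. 19
        public final int memoryKb;
        public final int iterations;
        public final int parallelism;
        public final String saltB64;
        public final String hashB64;

        ParsedHash(String variant, int version, int memoryKb, int iterations,
                   int parallelism, String saltB64, String hashB64) {
            this.variant = variant;
            this.version = version;
            this.memoryKb = memoryKb;
            this.iterations = iterations;
            this.parallelism = parallelism;
            this.saltB64 = saltB64;
            this.hashB64 = hashB64;
        }
    }

    private static final Pattern PARAMS = Pattern.compile("^m=(\\d+),t=(\\d+),p=(\\d+)$");

    // Returns empty instead of throwing for anything that is not a well-formed argon2 string.
    public static Optional<ParsedHash> parse(String encoded) {
        if (encoded == null || !encoded.startsWith("$argon2")) {
            return Optional.empty(); // not argon2 (e.g. pbkdf2): never index into it
        }
        // "\\$" is the literal dollar sign; a bare "$" regex would match end-of-input.
        // The leading '$' yields an empty first element, so a valid string has 6 parts.
        String[] parts = encoded.split("\\$");
        if (parts.length != 6 || !parts[0].isEmpty()) {
            return Optional.empty();
        }
        String variant = parts[1];
        if (!variant.equals("argon2i") && !variant.equals("argon2d") && !variant.equals("argon2id")) {
            return Optional.empty();
        }
        if (!parts[2].startsWith("v=")) {
            return Optional.empty();
        }
        Matcher m = PARAMS.matcher(parts[3]);
        if (!m.matches() || parts[4].isEmpty() || parts[5].isEmpty()) {
            return Optional.empty();
        }
        try {
            int version = Integer.parseInt(parts[2].substring(2));
            int memoryKb = Integer.parseInt(m.group(1));
            int iterations = Integer.parseInt(m.group(2));
            int parallelism = Integer.parseInt(m.group(3));
            return Optional.of(new ParsedHash(variant, version, memoryKb, iterations,
                                              parallelism, parts[4], parts[5]));
        } catch (NumberFormatException e) {
            return Optional.empty(); // numeric field overflowed or was malformed
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a well-formed argon2id string and a
        // pbkdf2-style credential value that contains no '$' at all.
        String argon = "$argon2id$v=19$m=65536,t=3,p=4$c2FsdHNhbHQ$aGFzaGhhc2g";
        String pbkdf2 = "bm90LWFuLWFyZ29uMi1oYXNo";
        System.out.println("argon2 parsed: " + parse(argon).isPresent());
        System.out.println("pbkdf2 parsed: " + parse(pbkdf2).isPresent());
        parse(argon).ifPresent(h ->
            System.out.println(h.variant + " v" + h.version + " m=" + h.memoryKb
                               + " t=" + h.iterations + " p=" + h.parallelism));
    }
}
```

The point of returning Optional rather than a partially filled object is that the login path can distinguish "this credential is not ours, re-hash it after a successful verify with the old algorithm" from "this credential is corrupt", without either case surfacing as an unchecked exception during authentication.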
Hi @RobertHeim , thanks for your interest in the module.
This is something I have noticed previously but did not manage to implement a fix for this, so thanks for investigating this in detail and submitting PR, I will attempt to get merge done this week.
Hi @RobertHeim , I released the new version along with an updated JUnit dependency.
Thanks for the PR!
That is great @dreezey ! Thanks!
Hi and thanks for the integration!
For existing users, re-hashing their existing passwords on login with another hash algorithm fails.
I can consistently reproduce it:
There exists a testuser with a hashed password using
{"hashIterations":27500,"algorithm":"pbkdf2-sha256"}
This is the default and there was no policy set. Then, I changed the password policy to argon2.
Creating a new user is fine. However, when I try to login with the existing testuser I get this error:
Any idea?