Reintroduce SHA-1 to the list of supported encryption algorithms, allowing to import users and still allow them to log in (fix #48)
For the same reason, allow passwords to be encrypted without key stretching
User documents now contain the algorithm name used to encrypt the password, and if a key stretching algorithm has been applied to it or not. If one of these properties are absent from a user document, the current plugin configuration is applied instead
Now able to check user passwords encrypted with a different algorithm and key stretching configuration than the ones provided in the settings. If the password check succeeds, then it gets re-encrypted using the current plugin configuration, allowing to bring it on par with the current security configuration
A pepper property is now added to every user documents. It is always set to false. This property will allow us to add a pepper value to the password later, without introducing any breaking change (see #50)
Description
pepper
property is now added to every user documents. It is always set tofalse
. This property will allow us to add a pepper value to the password later, without introducing any breaking change (see #50)