puzzle / puzzle.opnsense

An Ansible Collection to configure an opnsense Firewall
https://puzzle.github.io/puzzle.opnsense/collections/puzzle/opnsense/index.html
GNU General Public License v3.0
24 stars 12 forks source link

Deprecation of the crypt function #99

Open KiLLuuuhh opened 7 months ago

KiLLuuuhh commented 7 months ago

While developing the system_access_users module, we noticed that OPNsense Core uses Crypt to create API key secrets, as seen here:

https://github.com/opnsense/core/blob/dc80b7a019e7fc6e8e03a9df72b3d9b5f9d499c7/src/opnsense/mvc/app/library/OPNsense/Auth/API.php#L95

Unfortunately, we haven't found a workaround in Python (other than using crypt, which will be deprecated in Python version 3.13) to generate secrets that are accepted by the authentication function of OPNsense Core. Consequently, we are using crypt as a PHP function to create secrets:

_generate_hashed_secret

This issue serves as a reminder that, sooner or later, OPNsense Core will deprecate Crypt as well, and we will need to update our _generate_hashed_secret accordingly.