My admin user doesn't have a password and no salt (but there is a PasswordEncryption field with a value)
If there is an attempt to encrypt with user settings (i.e. an API token), the framework "assumes" there is a salt, while there is no guarantee there is one. Since PHP 8, this is breaking the blowfish encryption (a salt is required).
Maybe it's a misuse of the method, but at any rate, I think that the framework should not assume anything: if the method is callable, it should work or throw a proper exception.
How to reproduce
On a Member without a password, but with a PasswordEncryption
Call $member->encryptWithUserSettings('somestring')
You get a blowfish exception because it could not encrypt with an empty salt
Possible Solution
a salt is generated if needed
a proper exception is thrown
Additional Context
No response
Validations
[X] Check that there isn't already an issue that reports the same bug
[X] Double check that your reproduction steps work in a fresh installation of silverstripe/installer (with any code examples you've provided)
Module version(s) affected
5.x
Description
I've encountered this issue while using https://github.com/emteknetnz/silverstripe-rest-api
https://github.com/emteknetnz/silverstripe-rest-api/blob/924cd948c395f3fbf26c039af3f50f64a98b383d/src/Controllers/RestApiEndpoint.php#L153
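The two outcomes proposed under "Possible Solution", as an added example that is not code from the issue author or from the framework: a guard that either throws a specific exception or generates a salt before calling PHP's `crypt()`. The names `MissingSaltException`, `generateBcryptSalt` and `encryptWithSaltGuard`, and the salt layout (two-digit cost, `$`, 22 characters), are assumptions made for this sketch.

```php
<?php
declare(strict_types=1);

// Hypothetical exception type for this example.
final class MissingSaltException extends RuntimeException {}

// Build the body of a bcrypt setting string: two-digit cost, '$', 22 salt characters.
function generateBcryptSalt(int $cost = 10): string
{
    // 16 random bytes encode to 22 base64 characters once padding is dropped;
    // bcrypt's alphabet uses '.' where base64 uses '+'.
    $chars = strtr(rtrim(base64_encode(random_bytes(16)), '='), '+', '.');
    return sprintf('%02d$%s', $cost, $chars);
}

// Hash $value with bcrypt, refusing to call crypt() with an unusable salt.
function encryptWithSaltGuard(string $value, ?string $salt, bool $generateIfMissing = false): array
{
    if ($salt === null || $salt === '') {
        if (!$generateIfMissing) {
            throw new MissingSaltException('No salt is stored for this user; cannot encrypt.');
        }
        $salt = generateBcryptSalt();
    }
    $hash = crypt($value, '$2y$' . $salt);
    // On failure crypt() returns a string shorter than 13 characters.
    if (strlen($hash) < 13) {
        throw new RuntimeException('Blowfish encryption failed: salt is malformed.');
    }
    // Return the salt too, so the caller can persist a generated one.
    return ['hash' => $hash, 'salt' => $salt];
}

// Constructed input: a user record with no stored salt.
try {
    encryptWithSaltGuard('somestring', null);
} catch (MissingSaltException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}

$result = encryptWithSaltGuard('somestring', '', true);
$verified = hash_equals($result['hash'], crypt('somestring', $result['hash']));
echo 'Generated salt: ', $result['salt'], PHP_EOL;
echo 'Hash verifies: ', var_export($verified, true), PHP_EOL;
```

If a salt is generated this way, it has to be stored with the user record; otherwise the same input cannot be re-encrypted to the same value later.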