From b119e9b65c6ccc8a0fd6358b69eea87d73a9d9e7 Mon Sep 17 00:00:00 2001
From: catch <catch@35733.no-reply.drupal.org>
Date: Mon, 22 May 2023 10:38:04 +0100
Subject: [PATCH] Issue #3358524 by benjifisher, quietone, smustgrave: Users
cannot log in if Password Compatibility module is not enabled
---
core/modules/phpass/phpass.info.yml | 2 +-
core/modules/phpass/phpass.module | 22 ++++++++++++++++++++--
2 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/core/modules/phpass/phpass.info.yml b/core/modules/phpass/phpass.info.yml
index c0cd6c640dd3..63b615002113 100644
--- a/core/modules/phpass/phpass.info.yml
+++ b/core/modules/phpass/phpass.info.yml
@@ -1,5 +1,5 @@
name: Password Compatibility
type: module
-description: 'Provides the password checking algorithm for user entities created with Drupal prior to version 10.1.x.'
+description: 'Provides the password checking algorithm for user accounts created with Drupal prior to version 10.1.0.'
package: Core
version: VERSION
diff --git a/core/modules/phpass/phpass.module b/core/modules/phpass/phpass.module
index a463fb8097cb..ef9db81742cc 100644
--- a/core/modules/phpass/phpass.module
+++ b/core/modules/phpass/phpass.module
@@ -2,9 +2,10 @@
/**
* @file
- * Provides the password checking algorithm used prior to version 10.1.x.
+ * Provides the password checking algorithm used prior to version 10.1.0.
*/
+use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Routing\RouteMatchInterface;
/**
@@ -15,8 +16,25 @@ function phpass_help($route_name, RouteMatchInterface $route_match) {
case 'help.page.phpass':
$output = '';
$output .= '<h3>' . t('About') . '</h3>';
- $output .= '<p>' . t('The Password Compatibility module provides the password checking algorithm for user entities created with Drupal prior to version 10.1.x. For more information, see the <a href=":phpass">online documentation for the Password Compatibility module</a>.', [':phpass' => 'https://www.drupal.org/docs/core-modules-and-themes/core-modules/password-compatibility-module']) . '</p>';
+ $output .= '<p>' . t('The Password Compatibility module provides the password checking algorithm for user accounts created with Drupal prior to version 10.1.0. For more information, see the <a href=":phpass">online documentation for the Password Compatibility module</a>.', [':phpass' => 'https://www.drupal.org/docs/core-modules-and-themes/core-modules/password-compatibility-module']) . '</p>';
+ $output .= '<p>' . t('Drupal 10.1.0 and later use a different algorithm to compute the hashed password. This provides better security against brute-force attacks. The hashed passwords are different from the ones computed with Drupal versions before 10.1.0.') . '</p>';
+ $output .= '<p>' . t('When the Password Compatibility module is installed, a user can log in with a username and password created before Drupal 10.1.0. The first time these credentials are used, a new hash is computed and saved. From then on, the user will be able to log in with the same username and password whether or not this module is installed.') . '</p>';
+ $output .= '<p>' . t('Passwords created before Drupal 10.1.0 <strong>will not work</strong> unless they are used at least once while this module is installed. Make sure that you can log in before uninstalling this module.') . '</p>';
return $output;
}
}
+
+/**
+ * Implements hook_form_FORM_ID_alter() for system_modules_uninstall_confirm_form.
+ */
+function phpass_form_system_modules_uninstall_confirm_form_alter(array &$form, FormStateInterface $form_state): void {
+ $modules = \Drupal::keyValueExpirable('modules_uninstall')
+ ->get(\Drupal::currentUser()->id());
+ if (!in_array('phpass', $modules)) {
+ return;
+ }
+ \Drupal::messenger()->addWarning(t('Make sure that you can log in before uninstalling the Password Compatibility module. For more information, see the <a href=":phpass">online documentation for the Password Compatibility module</a>.', [
+ ':phpass' => 'https://www.drupal.org/docs/core-modules-and-themes/core-modules/password-compatibility-module',
+ ]));
+}
--
GitLab