Whenever the password is updated ensure that the hash algorithm is too (#13966)

`user.HashPassword` may potentially - and in fact now likely does - change the `passwd_hash_algo` therefore whenever the `passwd` is updated, this also needs to be updated. Fix #13832 Thanks @fblaese for the hint Signed-off-by: Andrew Thornton <art27@cantab.net>
2025-07-29 21:58:36 +00:00 · 2020-12-12 18:59:49 +00:00
parent d07b8a75d7
commit 287b594803
3 changed files with 4 additions and 4 deletions
--- a/routers/user/setting/account.go
+++ b/routers/user/setting/account.go
@@ -68,7 +68,7 @@ func AccountPost(ctx *context.Context, form auth.ChangePasswordForm) {
 			return
 		}
 		ctx.User.HashPassword(form.Password)
-		if err := models.UpdateUserCols(ctx.User, "salt", "passwd"); err != nil {
+		if err := models.UpdateUserCols(ctx.User, "salt", "passwd_hash_algo", "passwd"); err != nil {
 			ctx.ServerError("UpdateUser", err)
 			return
 		}