Reputation: 41
Disable password hasing in CakePHP 4.x / Authenticator 2.x
I am using CakePHP for a school project where a filled in database is given to you.
Users are required to login by a username / password which I already made. The problem however, users in the database have an unencrypted password which I want to authenticate them with.
I can't find any way to disable the password hash check. I tried specifying a fallback password hasher like this.
$authenticationService->loadIdentifier('Authentication.Password', [
'fields' => [
'username' => 'username',
'password' => 'password',
],
'passwordHasher' => [
'className' => 'Authentication.Fallback',
'hashers' => [
'Authentication.Default',
[
'className' => 'Authentication.Legacy',
'hashType' => 'md5',
'salt' => false
],
]
]
]);
But I can't find any way to disable the 'hashType'.
Upvotes: 1
Views: 323
Answers (1)
Reputation: 41
I ended up not disabling password hashing, but using a fallback method as the one in my question.
I hashed all the passwords in my database with sha1 by using a SQL Query. (sha1 isn't secure, but that was not required in my case).
When a user logs in, CakePHP checks if the password has to be upgraded to a more secure hash and does so if required. (More info on CakePHP hashers/upgrading can be found here: https://book.cakephp.org/authentication/2/en/password-hashers.html)
Upvotes: 3
Related Questions
- Cakephp 2.4 Authentication
- Cakephp 3.0 auth component how to disable hash method
- Authentication in cakePHP 2.4
- Auth Component not checking password automatically in cakephp 2.4
- How to use PasswordableBehavior with CakePHP?
- CakePHP 2: Override AuthComponent's "password" method
- How do you turn off AuthComponent auto hash of password in CakePHP 2.2?
- CakePHP 2.0 AuthComponent hashes passwords automatically
- Disable automagic CakePHP Auth login() action
- Turn of Cakephp Auth password hashing