KEYCLOAK-2319

Cannot login to admin console after upgrade 1.6 -> 1.8.CR1
2016-01-18 11:16:02 +01:00 · 2016-01-18 11:16:02 +01:00 · 904ed65a5c
commit 904ed65a5c
parent ded919c0a6
2 changed files with 20 additions and 2 deletions
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.8.0.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.8.0.xml
@ -111,4 +111,14 @@
        </update>

    </changeSet>
+
+    <changeSet id="1.8.0-2" author="keycloak">
+        <dropDefaultValue tableName="CREDENTIAL" columnName="ALGORITHM" columnDataType="VARCHAR(36)"/>
+
+        <update tableName="CREDENTIAL">
+            <column name="ALGORITHM" type="VARCHAR(36)" value="pbkdf2" />
+            <where>TYPE in ('password-history', 'password') AND ALGORITHM is 'HmacSHA1'</where>
+        </update>
+    </changeSet>
+
 </databaseChangeLog>
--- a/server-spi/src/main/java/org/keycloak/hash/PasswordHashManager.java
+++ b/server-spi/src/main/java/org/keycloak/hash/PasswordHashManager.java
@ -1,5 +1,6 @@
 package org.keycloak.hash;

+import org.jboss.logging.Logger;
 import org.keycloak.models.*;

 /**
@ -7,6 +8,8 @@ import org.keycloak.models.*;
 */
 public class PasswordHashManager {

+    private static final Logger log = Logger.getLogger(PasswordHashManager.class);
+
    public static UserCredentialValueModel encode(KeycloakSession session, RealmModel realm, String rawPassword) {
        return encode(session, realm.getPasswordPolicy(), rawPassword);
    }
@ -17,9 +20,10 @@ public class PasswordHashManager {
        if (iterations < 1) {
            iterations = 1;
        }
-        PasswordHashProvider provider = session.getProvider(PasswordHashProvider.class, algorithm);
+        PasswordHashProvider provider = session.getProvider(PasswordHashProvider.class, passwordPolicy.getHashAlgorithm());
        if (provider == null) {
-            throw new RuntimeException("Password hash provider for algorithm " + algorithm + " not found");
+            log.warnv("Could not find hash provider {0} from password policy, using default provider {1}", algorithm, Constants.DEFAULT_HASH_ALGORITHM);
+            provider = session.getProvider(PasswordHashProvider.class, Constants.DEFAULT_HASH_ALGORITHM);
        }
        return provider.encode(rawPassword, iterations);
    }
@ -31,6 +35,10 @@ public class PasswordHashManager {
    public static boolean verify(KeycloakSession session, PasswordPolicy passwordPolicy, String password, UserCredentialValueModel credential) {
        String algorithm = credential.getAlgorithm() != null ? credential.getAlgorithm() : passwordPolicy.getHashAlgorithm();
        PasswordHashProvider provider = session.getProvider(PasswordHashProvider.class, algorithm);
+        if (provider == null) {
+            log.warnv("Could not find hash provider {0} for password", algorithm);
+            return false;
+        }
        return provider.verify(password, credential);
    }