Well now I have the original source. Let me test here with different scenarios but at this moment cake 3 is back on scenario (which makes me very happy)
On Thursday, February 26, 2015 at 4:06:47 PM UTC-5, José Lorenzo wrote: > > I see the problem... It looks like you have been hashing the passwords all > this time with sha1 (which is the deafult in cake 2) since you had the > duplicate configuration. > > On Thursday, February 26, 2015 at 9:59:21 PM UTC+1, mcloide wrote: >> >> Talking with my co-workers we might have found the reason why the hash is >> so different. >> >> The original hash was made in php 5.3, this test was made in php 5.6, >> when I first tested the issue that generated this thread it was also under >> php 5.6 which means, that, knowing that php has changed it's hash >> mechanisms it might explain why the hash string is so far apart. >> >> >> On Thursday, February 26, 2015 at 3:48:16 PM UTC-5, mcloide wrote: >>> >>> Well I did more than simply doing some gists but it did help me see that >>> my current application has something wrong in sense that you are correct, >>> cake2 to cake3 Simple and Weak methods are the same. >>> >>> This is my path for troubleshooting: >>> >>> Create a new cake 2.6.2 application from scratch, add authentication, >>> and users creation. >>> Create a new cake 3 application from scratch, add authentication and >>> users creation. >>> >>> In summary both apps looks just like the Blog tutorials from both Cake >>> 2.6 and Cake 3. In the gist there are the important files related to both >>> apps. >>> >>> https://gist.github.com/mcloide/28cb28a36dc3238ae666 >>> >>> Based on the resulting table (also on the gist), you are 100% right, my >>> cake 3 application should be able to login using my cake 2 application >>> password since it doesn't, I needed to troubleshoot a bit more and I have >>> found out that I had a double Auth entry on my cake 2 app controller. >>> >>> https://gist.github.com/mcloide/a1276e078c1d372e5a97 >>> >>> The part that is killing me right now is how did the "changeme" password >>> got saved as >>> "cb15d8050a3da1c302e62d27b57e128fb4aef8207b39cd17d44afb3838390c43" instead >>> of "c88333b093105e07acff5b19be6fbaf51e6482b1" and, even after the App >>> Controller authentication was corrected, removing the 2nd 'Auth" entry the >>> login still works on the old application in which I would assume it >>> wouldn't. >>> >>> Is there any way that I can know what hashing method is if >>> ($this->Auth->login()) using at the login moment? >>> >>> >>> >>> >>> >>> On Thursday, February 26, 2015 at 3:19:37 AM UTC-5, José Lorenzo wrote: >>>> >>>> How did you configure the salt and your Weak password hasher? Please >>>> show the code in gist or here. >>>> >>>> I can guarantee that passwords can be used from cake 2 in cake 3 >>>> because I've migrated a couple apps already. >>>> >>>> On Thursday, February 26, 2015 at 9:06:57 AM UTC+1, mcloide wrote: >>>>> >>>>> This is a scenario that is true to me and it is leading me to take the >>>>> decision to not upgrade to Cake3 at this moment. >>>>> >>>>> I have 2 applications and one has to communicate with another. One >>>>> application has been fully built with the latest stable version of cake 2 >>>>> and the new application, that is on legacy code, was going to be using >>>>> cake >>>>> 3 so we could benefit of all of the new perks. Unfortunately with the >>>>> removal of the cipherseed and the cipher functions a password that was >>>>> generated in cake2 now can't be used in cake3. >>>>> >>>>> Example of password encryption results using CakePHP 2.6 and CakePHP 3 >>>>> >>>>> password = changeme >>>>> Salt and Cipherseed where kept the same among both versions. >>>>> >>>>> CakePHP 2.6 >>>>> HashClass = Simple >>>>> HashType = SHA256 >>>>> Encryption result = >>>>> *cb15d8050a3da1c302e62d27b57e128fb4aef8207b39cd17d44afb3838390c43* >>>>> >>>>> CakePHP 3 >>>>> HashClass = Weak >>>>> HashType = SHA256 >>>>> Encryption result = *c88333b093105e07acff5b19be6fbaf51e6482b1* >>>>> >>>>> I had asked this on twitter before and the response that I got was >>>>> that there would be backwards compatibility if you were using Simple >>>>> password hasher in CakePHP 2.6 and upgraded it to CakePHP 3 so I wouldn't >>>>> need to change all my users passwords through the database or force them >>>>> to >>>>> reset their password. >>>>> >>>>> Based on the result above I don't see how I can use the same password >>>>> system from Cake 2 to Cake 3 and it also doesn't seem like it is using >>>>> the >>>>> hashType set on config. >>>>> >>>>> Is there anything I'm missing here. Can anyone help? >>>>> >>>>> I need to decide really quick if I will move forth with Cake 3 or keep >>>>> development with Cake 2. >>>>> >>>>> Thanks in advance. >>>>> >>>> -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/d/optout.
