fix(db): make password-hash migration idempotent to prevent lock-out (#4612)

The UserPasswordHash seeder bcrypt-hashed user.Password unconditionally, assuming plaintext. If it ran on an already-bcrypt value (DB restore, SQLite<->Postgres switch, history_of_seeders inconsistency on upgrade) it double-hashed the password, locking the admin out with both old and new passwords rejected. Skip any password that is already a bcrypt hash.
MHSanaei 2026-06-01 20:48:12 +02:00
parent 6ae1b38607
commit 80173b1b1d
No known key found for this signature in database
GPG key ID: 7E4060F2FBE5AB7A
2 changed files with 8 additions and 0 deletions


@ -203,6 +203,9 @@ func runSeeders(isUsersEmpty bool) error {
} }
for _, user := range users { for _, user := range users {
if crypto.IsHashed(user.Password) {
continue
}
hashedPassword, err := crypto.HashPasswordAsBcrypt(user.Password) hashedPassword, err := crypto.HashPasswordAsBcrypt(user.Password)
if err != nil { if err != nil {
log.Printf("Error hashing password for user '%s': %v", user.Username, err) log.Printf("Error hashing password for user '%s': %v", user.Username, err)
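Review bot: The new `if crypto.IsHashed(user.Password) { continue }` guard skips accounts silently, so an operator reading the upgrade log cannot tell whether a password was migrated or left as found. Since this seeder decides whether the admin can still log in, I would log the skip, for example `log.Printf("Skipping user '%s': password is already a bcrypt hash", user.Username)`, and add a comment above the guard such as `// Already bcrypt: hashing again would lock the user out (restore, DB switch, re-run).`. The loop body continues past the end of the hunk, so I cannot see whether the seeder is still recorded as completed when every user was skipped; that is worth confirming.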


@ -15,3 +15,8 @@ func HashPasswordAsBcrypt(password string) (string, error) {
func CheckPasswordHash(hash, password string) bool { func CheckPasswordHash(hash, password string) bool {
return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil
} }
func IsHashed(s string) bool {
_, err := bcrypt.Cost([]byte(s))
return err == nil
}
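Review bot: `IsHashed` accepts anything `bcrypt.Cost` can parse, and as far as I know that call checks only the minimum length, the version prefix and the cost field, not the salt or digest that follow. A long plaintext value that happens to start with a bcrypt-style prefix would then be classified as hashed, skipped by the seeder and left unhashed in the database, so the name promises more than the check delivers. I would tighten it with a length test, e.g. `return err == nil && len(s) == 60`, assuming all stored hashes come from `HashPasswordAsBcrypt` and so have the standard 60-character encoding. The exported function also needs a doc comment stating the limit, e.g. `// IsHashed reports whether s has the structure of a bcrypt hash; it does not prove s was produced by bcrypt.`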