Script to create a User with legacy password
We support new-style bcrypt passwords, which put the salt directly into the hash, but we also support our old style of passwords before bcrypt was used; which involves md5 hashing {salt}{password}
.
We've built support for this into PHP aurweb as well as Python/FastAPI aurweb, but we do not have facilities to getting this tested other than an internally hardcoded password update with a manual hashing step.
This one facility has been produced in Python/FastAPI aurweb, however, we would like a more permanent, script that allows us to create a user with a legacy password without any thought.
Perhaps something like create-legacy-user
; I do not know.
An additional feature here could be to define a "password version" in the db, which would allow us to instantly tell which format a stored password is in. This would help quite a bit, as it reduces hash steps we currently take, reducing the amount that the server has to perform to remain stable, suggested by @klausenbusk. Seems like a good idea. It would also allow us to do huge conversions of databases without much trouble.