  1. Blesta Core
  2. CORE-3325

Import Manager: Add support for modern WHMCS password hashes

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.9.0-b1
    • Component/s: Plugins
    • Labels:
      None

      Description

      WHMCS changed their password hashing algorithm. We used to be able to support their password hashes so clients could log in after import without resetting their password.

      This was done by updating /config/blesta.php and changing the following:

      Configure::set("Blesta.auth_legacy_passwords", true);
      Configure::set("Blesta.auth_legacy_passwords_algo", "whmcs-md5");

      So, if we add support then I imagine we would do a similar thing, except changing Blesta.auth_legacy_passwords_algo from "whmcs-md5" to "whmcs-sha256hmac" or something.

      See https://docs.whmcs.com/Admin_Password_Hashing#Hash_Schema for docs on their password hashing algorithm. This states that it's for Admins; I could not find a similar article for Clients, but it may be the same.

      See also https://www.ndchost.com/wiki/software/whmcs/client-password-hash for an overview and example.
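
      One way a login path can honour a legacy-algorithm setting like the one described above and replace the imported hash on the first successful login. This is an added example, not Blesta's or WHMCS's code; the function names and the `md5(salt . password):salt` layout are assumptions to confirm against the linked references.

```php
<?php
// Added example; the stored-hash layout is an assumption, not Blesta or WHMCS code.

// Hypothetical verifiers keyed by the Blesta.auth_legacy_passwords_algo value.
function legacy_verifiers(): array
{
    return [
        // Assumed layout: md5(salt . password) . ':' . salt
        'whmcs-md5' => function (string $password, string $stored): bool {
            [$hash, $salt] = array_pad(explode(':', $stored, 2), 2, '');
            // hash_equals() compares in constant time.
            return $salt !== '' && hash_equals(strtolower($hash), md5($salt . $password));
        },
        // A 'whmcs-sha256hmac' entry would go here once its layout is confirmed.
    ];
}

// Returns [authenticated, replacement hash to store or null].
function verify_imported_password(string $password, string $stored, bool $legacyOn, string $algo): array
{
    // Hashes already in password_hash() format are verified natively.
    if (!empty(password_get_info($stored)['algo'])) {
        $ok = password_verify($password, $stored);
        $stale = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
        return [$ok, $stale ? password_hash($password, PASSWORD_DEFAULT) : null];
    }
    $verifiers = legacy_verifiers();
    // Fail closed when legacy support is off or the algorithm name is unknown.
    if (!$legacyOn || !isset($verifiers[$algo]) || !$verifiers[$algo]($password, $stored)) {
        return [false, null];
    }
    // Legacy hash matched: hand back a modern hash so the caller can replace it.
    return [true, password_hash($password, PASSWORD_DEFAULT)];
}

// Constructed sample record (not real data).
$salt = 'a1b2c';
$stored = md5($salt . 'correct horse') . ':' . $salt;

[$ok, $upgraded] = verify_imported_password('correct horse', $stored, true, 'whmcs-md5');
var_dump($ok, password_verify('correct horse', $upgraded));

[$bad] = verify_imported_password('wrong guess', $stored, true, 'whmcs-md5');
[$off] = verify_imported_password('correct horse', $stored, false, 'whmcs-md5');
var_dump($bad, $off);
```

      Storing the returned replacement hash means each imported account leaves the legacy scheme the first time its owner logs in, so the legacy setting can eventually be switched off.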

        Activity

        admin Paul Phillips created issue -
        admin Paul Phillips made changes -
        Field Original Value New Value
        Rank Ranked higher
        admin Paul Phillips made changes -
        Rank Ranked lower
        tyson Tyson Phillips (Inactive) made changes -
        Story Points 3
        tyson Tyson Phillips (Inactive) made changes -
        Sprint 4.9.0 Sprint 1 [ 98 ]
        tyson Tyson Phillips (Inactive) made changes -
        Rank Ranked higher
        tyson Tyson Phillips (Inactive) made changes -
        Sprint 4.9.0 Sprint 1 [ 98 ] 4.9.0 Sprint 2 [ 99 ]
        tyson Tyson Phillips (Inactive) made changes -
        Rank Ranked lower
        tyson Tyson Phillips (Inactive) made changes -
        Fix Version/s 4.9.0-b1 [ 11301 ]
        jonathan Jonathan Reissmueller made changes -
        Remaining Estimate 0 minutes [ 0 ]
        Time Spent 41 minutes [ 2460 ]
        Worklog Id 13081 [ 13081 ]
        jonathan Jonathan Reissmueller made changes -
        Assignee Jonathan Reissmueller [ jonathan ]
        Automated transition triggered when Jonathan Reissmueller created a branch in Stash -
        Status Open [ 1 ] In Progress [ 3 ]
        jonathan Jonathan Reissmueller made changes -
        Time Spent 41 minutes [ 2460 ] 1 hour, 20 minutes [ 4800 ]
        Worklog Id 13082 [ 13082 ]
        Automated transition triggered when Jonathan Reissmueller created pull request #788 in Stash -
        Status In Progress [ 3 ] In Review [ 5 ]
        Resolution Fixed [ 1 ]
        Automated transition triggered when Tyson Phillips (Inactive) merged pull request #788 in Stash -
        Status In Review [ 5 ] Closed [ 6 ]
        admin Paul Phillips made changes -
        Resolution Fixed [ 1 ]
        Status Closed [ 6 ] Reopened [ 4 ]
        admin Paul Phillips made changes -
        Security Private [ 10000 ]
        admin Paul Phillips made changes -
        Status Reopened [ 4 ] Closed [ 6 ]
        Resolution Fixed [ 1 ]

          People

          • Assignee:
            jonathan Jonathan Reissmueller
            Reporter:
            admin Paul Phillips

            Dates

            • Created:
              Updated:
              Resolved:
              Fix Release Date:
              31/Mar/20

              Time Tracking

              Estimated: Not Specified
              Remaining: 0m
              Logged: 1h 20m
