In order to make LSP the best it can be, we have to first make the code "maintainable". This PR refactors LSP and adds test coverage to ensure things keep working in the future. Passwords are now properly hashed using Bcrypt. Whenever someone logs in, we re-hash the password thanks to Symfony's config.
If you have a dedicated .env for production, set LSP_DATA_DIR="%kernel.project_dir%/tmp" there.
I decided to split the previously "all-in-one" route into separate paths, i.e. /lsp/{id}, but there's now LegacyRedirectResolver for compatibility redirects.
There's now GitHub Actions config to run tests on every change/other PRs. Feel free to ask any follow-up questions.
One more note about passwords: the re-hashed password gets stored in the pw column, because the current password column is too small for bcrypt, and since the pw column was previously unused - sounds like finally an opportunity to put it into use without having to modify the existing db schema.
My advice is to update the schema and check the hash length before comparing so we can support both old and new. I think pw once stored the temporary unencrypted version. If it's not needed, it should be removed.
Thanks. Now there's 05-change-password-size.sql and 06-drop-legacy-pw-column.sql migrations attached.
I couldn't find any usage of the pw column in the previous codebase, so it's safe to drop.
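An added sketch of the dual-format login check discussed in this thread: verify against either hash format, then re-hash to bcrypt on success. It is not code from this PR, which relies on Symfony's configuration for this; `legacyVerify`, `verifyAndUpgrade` and the unsalted SHA-256 legacy format are assumptions, since the thread does not name the old scheme.

```php
<?php
declare(strict_types=1);

// ASSUMPTION: legacy rows hold an unsalted hex SHA-256 digest. The thread does
// not name the old scheme; substitute the real one here.
function legacyVerify(string $plain, string $stored): bool
{
    // hash_equals() compares in constant time.
    return hash_equals(strtolower($stored), hash('sha256', $plain));
}

/**
 * Hypothetical helper: verify a login against either hash format.
 * Returns [authenticated, replacementHashOrNull].
 */
function verifyAndUpgrade(string $plain, string $stored, int $cost = 12): array
{
    $options = ['cost' => $cost];
    // Dispatch on the stored format: a modern hash carries an algorithm
    // prefix that password_get_info() recognises, a bare hex digest does not.
    $isModern = password_get_info($stored)['algoName'] !== 'unknown';

    $ok = $isModern
        ? password_verify($plain, $stored)
        : legacyVerify($plain, $stored);
    if (!$ok) {
        return [false, null]; // never write a new hash on a failed login
    }

    // Upgrade legacy rows, and bcrypt rows created with a lower cost.
    if (!$isModern || password_needs_rehash($stored, PASSWORD_BCRYPT, $options)) {
        return [true, password_hash($plain, PASSWORD_BCRYPT, $options)];
    }
    return [true, null];
}

// Constructed sample data, not taken from the project.
$legacyRow = hash('sha256', 'correct horse');

// Legacy row, right password: authenticated, and a bcrypt hash to persist.
[$ok, $new] = verifyAndUpgrade('correct horse', $legacyRow);
var_dump($ok, strlen((string) $new)); // the password column must fit this length

// Upgraded row: authenticated, nothing further to store.
var_dump(verifyAndUpgrade('correct horse', (string) $new));

// Wrong password against the legacy row: rejected, no rehash.
var_dump(verifyAndUpgrade('wrong', $legacyRow));
```

The caller persists the returned hash only when it is non-null, which is why the column has to be widened before this path goes live.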
Live environment if you would like to test it yourself: https://lmmsio-production-lj6ate.laravel.cloud/lsp (note this hosting uses ephemeral storage so files won't last long - not a code bug)
Don't forget to run composer i locally.