How to change hashing algorithm in drupal 8

Category:
Web
Drupal

In this article, I'll show you how to change hashing algorithm in drupal 8 by creating our custom "codimth_hashedpassword" module.

this tuto is an example, I used for migrating users passwords from non-drupal database to Drupal 8.

Create codimth_hashedpassword.info.yml file:

name: Codimth Hashed Password Alter
description: "create custom Hashed Password"
type: module
package: 'Codimth'
core: 8.x

Create codimth_hashedpassword.services.yml file:

I define a new service to process all the submitted passwords from users by adding a codimth_hashedpassword.services.yml file with the following:

services:
  codimth_hashedpassword:
    class: Drupal\codimth_hashedpassword\CodimthHashedPasswordService

Create src/CodimthHashedPasswordService.php file:

<?php

namespace Drupal\codimth_hashedpassword;

use Drupal\Component\Utility\Crypt;
use Drupal\Core\Password\PhpassHashedPassword;
use Drupal\Core\Password\PasswordInterface;

/**
 * Class CodimthHashedPasswordService
 * @package Drupal\codimth
 */
class CodimthHashedPasswordService extends PhpassHashedPassword implements PasswordInterface
{

  /**
   * @param string $password
   * @param string $hash
   * @return bool
   */
  public function check($password, $hash)
  {
    $computed_hash = md5($password);
    if ($computed_hash && Crypt::hashEquals($hash, $computed_hash)) {      
      return $computed_hash && Crypt::hashEquals($hash, $computed_hash);
    }
    return parent::check($password, $hash);
  }
}

I override the  Drupal/Core/Password/PhpassHashedPassword.php class and override the check() method to include my custom logic.

md5() function calculates the MD5 hash of a string.

When user logs in, the check() method is going to do the following:

  • hash password with md5() and compare it with the one stored during migration, if they are the same returns the result of 

    $computed_hash && Crypt::hashEquals($hash, $computed_hash)

  • If  users registered on drupal 8 site, it uses logic from PhpassHashedPassword class provided by Drupal core.(return parent::check($password, $hash);)

Next steps

  • Clear your Drupal 8 caches. To do this I use this Drush command: drush cr if you don’t currently use Drush, I highly recommend using it, or the Drupal Console.
  • Now, go back to your site, and logged out and then logged in to check if our module works fine.
  • I hope you found this article useful. let me know if you have any questions and I’ll be happy to answer them.
  • This code can be found and downloaded from https://github.com/codimth/codimth_hashedpassword.
Tags :
Drupal 8 & 9 & 10 Auth Migrate Api

Riadh Rahmi

Senior Web Developer PHP/Drupal & Laravel

I am a senior web developer, I have experience in planning and developing large scale dynamic web solutions especially in Drupal & Laravel.

Recent comments

Recent content

Create paragraphs and attach to node programmatically in drupal 10
Dependent select dropdowns using #ajax in node add/edit form drupal 8 & 9
Provide token for media entities in Drupal 8 & 9
Create custom image token in drupal 8 & 9
How To Create A Custom Token In Drupal 8 & 9
How To Use Batch API in Drupal 8 & 9
How to use Batch API to do heavy processing in Drupal 8 & 9
Disable cache for a block in Drupal 8
Create and Apply Patches using GIT DIFF and APPLY
How to change canonical URL programmatically in drupal 8 & 9
How to Create a Custom Field Formatter in Drupal 8 & 9
Programmatically update an entity reference field in Drupal 8 & 9
How To pass parameter from node to webform with custom token In Drupal 8 & 9
How to create media entities and attach them to paragraphs in Drupal 8 & 9
How to attach paragraphs to node programmatically in drupal 8 & 9

Web Posts

Subscribe Newsletter

Search

Related Articles

Page Facebook

Popular Tags

Ajax
DevOps
Form API
Token
Middleware API
Snippets
Views
Json API
Cron
Menu API
Drush
Twig
Auth
Cache
Docker
Module Development
Ckeditor
Configuration
Taxonomy
webform
jQuery
JavaScript
Routing system
Drupal Console
Git
Vagrant
Homestead
CORS
WSOD
PHP
Database API
Block
Block API
Rules
Migrate Api
Contributed Modules
Rules Module
Media
Site building
Social Tools
Drupal Planet
Drupal
Nodes
programmatically
User Api
Update API
Batch API
frontend
drupal8
theme settings
theming
Unpublished Content
Restrict Domain Registration
Text formats
Block attributes
httpClient
Google Maps
SEO
Bing
Google My Business
Google
Social Media
Instagram
Youtube Music
custom permissions
media entities
ThirdPartySettings
custom node action
Drupal 9
Tips Drupal
Tutorial Drupal
Links in Drupal
File Entity in Drupal
laravel migration
delete confirmation
Laravel tutoriel
Laravel seeder
Tips Laravel
crud laravel 7
MySQL
Tips Vue.js
Vue.js
Vue.js Tutoriels
dr
Laravel 8
Laravel
lara
Drupal 8 & 9 generated link
Drupal 8 & 9 custom services
Drupal 8 & 9 services
Drupal 8 & 9 & 10