I am trying to bulk import all of our Magento users into Auth0, but I’m not sure how to format the password_hash for Auth0 from the argon2id13 format of Magento.
Here’s an example of the format that Auth0 would want:
```json
"custom_password_hash": {
  "algorithm": "argon2",
  "hash": {
    "value": "$argon2id$v=19$m=65536,t=2,p=1$J6Q/82PCyaNpYKRELJyTZg$m04qUAB8rexWDR4+/0f+SFB+4XMFxt7YAvAq2UycYos"
  }
}
```
And our Magento password_hashes are something like
13a1e806c56a702e21e6568f65f21458ba32d7c1a884d5fc0a54dcfe75783989:AWHUeMyZzlNuuOvb:2
I tried formatting it like the following but that did not properly convert the password:
$argon2id$v=13$m=1024,t=2,p=1$AWHUeMyZzlNuuOvb$13a1e806c56a702e21e6568f65f21458ba32d7c1a884d5fc0a54dcfe75783989
I’m not sure what values to be putting for m, t, p, and I’m assuming what comes after the first semicolon in the Magento hash is the salt. Does anyone know how I should format that full hash?
Hi @ashwin1
Welcome to the Auth0 Community!
Are you using Magento 2? This thread goes through a similar issue:
I am trying to migrate users from my Magento 2 database to Auth0
I am using the bulk import endpoints (Too new for link). The user passwords are hashed using the "Argon 2ID13" algorithm in PHP. I am reasonably confident the built-in PHP function "sodium_crypto_pwhash" is being used. (Doc found by googling sodium_crypto_pwhash, account too new to link).
I’m reasonably confident the implementation of all this within Magneto can be found here (magento2/Encryptor.php at 1c3837ce0183180d40d4c0e0fd0a…
It looks like you can find the missing variables using the strategy outlined in this GitHub issue:
opened 03:21PM - 22 Jul 20 UTC
closed 09:08PM - 10 Feb 21 UTC
Triage: Dev.Experience
Progress: done
Issue: ready for confirmation
Reported on 2.3.3
### Preconditions (*)
1. Magento 2.3.3
2. PHP 7.2.22
### Steps to reproduce (*)
1. Fresh Magento install
2. Create some admin and customer accounts
3. Make some system or hardware upgrade on the server compiling and running PHP which changes the Sodium predefined constants https://www.php.net/manual/en/sodium.constants.php
4. Try to login with any account
### Expected result (*)
1. Any admin or customer could login with their current password
### Actual result (*)
1. Admin and customer cannot login with their current password and need to use forgotten password function to get a new one
**Temporary workaround**
Get constant value from the old server
```bash
$ php -r 'echo SODIUM_CRYPTO_SIGN_SEEDBYTES."\n";'
32
$ php -r 'echo SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE."\n";'
4
$ php -r 'echo SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE."\n";'
33554432
```
Check if they differ on the new server
```bash
$ php -r 'echo SODIUM_CRYPTO_SIGN_SEEDBYTES."\n";'
32
$ php -r 'echo SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE."\n";'
2
$ php -r 'echo SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE."\n";'
67108864
```
On the new server, replace the constants with the values from the old server in the sodium_crypto_pwhash function
https://github.com/magento/magento2/blob/2.4-develop/lib/internal/Magento/Framework/Encryption/Encryptor.php#L585
User could login again without need to reset their password.
---
Please provide [Severity](https://devdocs.magento.com/guides/v2.3/contributor-guide/contributing.html#backlog) assessment for the Issue as Reporter. This information will help during Confirmation and Issue triage processes.
- [ ] Severity: **S0** _- Affects critical data or functionality and leaves users without workaround._
- [x] Severity: **S1** _- Affects critical data or functionality and forces users to employ a workaround._
- [ ] Severity: **S2** _- Affects non-critical data or functionality and forces users to employ a workaround._
- [ ] Severity: **S3** _- Affects non-critical data or functionality and does not force users to employ a workaround._
- [ ] Severity: **S4** _- Affects aesthetics, professional look and feel, “quality” or “usability”._
Hope this helps!
Thanks Dan, yes I am using Magento 2. I don’t see Auth0 mentioned in that thread or how to structure the hash in the format Auth0 wants. Am I missing something there?
It looks like the SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE and SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE variables mentioned in the GitHub issue may correlate with the iterations (t) and memory size (m), respectively.
I don’t have the tools set up to test this, but it may be helpful if you try and extract those variables to create your hash.
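Added example, not part of the original posts and not Magento or Auth0 code: a converter from the `hash:salt:2` record quoted in the question to the PHC string layout shown in the Auth0 example. It assumes the first field is the hex-encoded 32-byte Argon2id output, the salt characters are used as raw bytes, and p is 1; `v=19` is the decimal form of Argon2 version 0x13, and PHC `m` is in KiB while the libsodium memory limit is in bytes. The function names are hypothetical.

```python
import base64

# Hash quoted in the question above: <hex digest>:<salt>:<version>
SAMPLE = "13a1e806c56a702e21e6568f65f21458ba32d7c1a884d5fc0a54dcfe75783989:AWHUeMyZzlNuuOvb:2"


def b64_nopad(raw: bytes) -> str:
    """PHC strings use standard base64 with the '=' padding stripped."""
    return base64.b64encode(raw).decode("ascii").rstrip("=")


def magento_to_phc(stored: str, opslimit: int, memlimit_bytes: int) -> str:
    """Convert a Magento 'hash:salt:2' record to an Argon2id PHC string."""
    parts = stored.split(":")
    if len(parts) != 3:
        raise ValueError("expected <hex digest>:<salt>:<version>")
    hex_digest, salt, version = parts
    if version != "2":
        raise ValueError(f"version {version!r} is not the Argon2id format handled here")
    digest = bytes.fromhex(hex_digest)  # raises ValueError on non-hex input
    if len(digest) != 32:  # SODIUM_CRYPTO_SIGN_SEEDBYTES in the issue above
        raise ValueError("expected a 32-byte digest")
    if opslimit < 1 or memlimit_bytes < 1024 or memlimit_bytes % 1024:
        raise ValueError("opslimit/memlimit do not look like libsodium values")
    m_kib = memlimit_bytes // 1024  # libsodium counts bytes, PHC 'm' counts KiB
    # Assumption: the salt characters are used as raw bytes, and p is always 1.
    return "$argon2id$v=19$m={},t={},p=1${}${}".format(
        m_kib, opslimit, b64_nopad(salt.encode("ascii")), b64_nopad(digest))


def auth0_user(email: str, stored: str, opslimit: int, memlimit_bytes: int) -> dict:
    """Build one bulk-import user entry in the shape shown in the question."""
    return {
        "email": email,
        "custom_password_hash": {
            "algorithm": "argon2",
            "hash": {"value": magento_to_phc(stored, opslimit, memlimit_bytes)},
        },
    }


if __name__ == "__main__":
    # 2 and 67108864 are the "new server" values from the GitHub issue; use the
    # constants printed by the PHP build that actually created your hashes.
    print(auth0_user("user@example.com", SAMPLE, 2, 67108864))
```

If a converted hash fails to verify for a known password, the opslimit and memlimit most likely came from a different PHP build than the one that hashed it, which is the failure the GitHub issue describes.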
Closed by system on December 23, 2021, 5:01pm.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.