Fixed Core12 authentication gets auto-upgraded constantly

xfrocks

Well-known member
Affected version: 2.0.1
We have noticed XF\Authentication\Core12::isUpgradable always returns true in our installation. Apparently, running XF\Authentication\Core12::generate will return "$2y" if password_hash is available. If I disable that branch and force it to use XF\Authentication\PasswordHash::HashPassword, the hash comes back with a "$2a" prefix. Is this a bug?
 
Yeah, that looks like a bug to me.

We've changed the code here to match $2y$ as well as $2a$ so that should prevent any unnecessary upgrading.
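The mismatch discussed in this thread, as an added example that is not part of the original posts and is not XenForo's code: a prefix check that accepts only "$2a$" treats every hash from password_hash() as outdated, while one that accepts both prefixes and compares the cost does not. The function names, TARGET_COST and the sample password are hypothetical.

```php
<?php
// Added illustration; names and values below are assumptions, not XenForo code.

const TARGET_COST = 10; // assumed bcrypt work factor for this sketch

// Strict check: only a "$2a$" hash at the target cost counts as current.
// A "$2y$" hash from password_hash() never matches, so it is flagged on
// every login and re-hashed again and again.
function isUpgradableStrict(string $hash): bool
{
    $current = '/^\$2a\$' . sprintf('%02d', TARGET_COST) . '\$/';
    return !preg_match($current, $hash);
}

// Tolerant check: "$2a$" and "$2y$" are both accepted; only a lower cost
// or an unrecognised format triggers an upgrade.
function isUpgradableTolerant(string $hash): bool
{
    if (!preg_match('/^\$2[ay]\$(\d{2})\$[.\/A-Za-z0-9]{53}$/', $hash, $m)) {
        return true; // not a bcrypt hash in a recognised form
    }
    return (int) $m[1] < TARGET_COST;
}

// Constructed sample: a fresh hash as password_hash() produces it.
$modern = password_hash('constructed-sample-password', PASSWORD_BCRYPT, ['cost' => TARGET_COST]);

// Constructed sample: the same hash relabelled "$2a$", used here only to
// exercise the format checks (not to verify a password).
$legacy = '$2a$' . substr($modern, 4);

foreach (['modern' => $modern, 'legacy' => $legacy] as $label => $hash) {
    printf(
        "%-6s prefix=%s strict=%s tolerant=%s\n",
        $label,
        substr($hash, 0, 4),
        var_export(isUpgradableStrict($hash), true),
        var_export(isUpgradableTolerant($hash), true)
    );
}

// PHP's built-in check for comparison: it reads algorithm and cost from
// the hash instead of comparing a literal prefix.
var_dump(password_needs_rehash($modern, PASSWORD_BCRYPT, ['cost' => TARGET_COST]));
```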
 
