Version 5.2 release notes | FoalTS

Version 5.2 release notes | FoalTS

Briefly

"Version 5.2 introduces a new PasswordService that centralizes password hashing and verification functionality. This service provides a cleaner API and enables automatic password security upgrades. The PasswordService class groups all password-related operations: One of the key features of the new service is the ability to automatically upgrade password hashes when they become outdated. This is particularly useful when security standards evolve (e.g., when the number of PBKDF2 iterations increases)."

"The verifyPassword method now accepts an optional onPasswordUpgrade callback that is called when a password hash needs to be upgraded: When a user logs in with a password that was hashed with an older security standard, the service automatically: Verifies the password is correct Detects that the hash needs to be upgraded Generates a new hash with the current security standards Calls the onPasswordUpgrade callback with the new hash Returns the verification result"

"This ensures that all password hashes in your database are gradually upgraded to the latest security standards. The standalone functions hashPassword, verifyPassword, and passwordHashNeedsToBeRefreshed are now deprecated in favor of the PasswordService methods. The TypeORMStore session store now supports both number and string user IDs. This is particularly useful when using UUIDs or other string-based identifiers as primary keys for your users."