Vendor new gem to support PBKDF2+SHA512 password hashing (!90629) · Merge requests · GitLab.org / GitLab

Drew Blessing requested to merge dblessing_vendor_pbkdf2_sha512_gem into master Jun 20, 2022

What does this MR do and why?

Describe in detail what your merge request does and why.

Breakout of the original MR !87940 (closed). Related to #360658 (closed)

Creates a new vendored gem that supports PBKDF2+SHA512 with Devise. A subsequent MR will hook everything up. See !87940 (closed) for the combined MR if you want more context as to how it will be used. The pieces you see in that MR that aren't here will be added in a second MR. I split them up to ease review.

I decided on a vendored gem due to our docs at https://docs.gitlab.com/ee/development/gemfile.html#gitlab-created-gems. This gives us the flexibility to publish it as a gem, and split it out later, but first let's just get it in GitLab and make use of it ourselves.

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Jun 20, 2022 by Drew Blessing

Vendor new gem to support PBKDF2+SHA512 password hashing

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports