I am attempting to migrate users from Drupal 8 into firebase auth.
I have tried following the instructions on https://firebase.google.com/docs/auth/admin/import-users#import_users_with_md5_sha_and_pbkdf_hashed_passwords.
The users import successfully, but the password does not work when I attempt to log in. After reversing the Drupal code, I'm getting the feeling that the sha512 hashing mechanism provided by firebase is not doing the same steps as what drupal does to determine the hash of the password.
The data in the drupal database for one user (this is dev data, not real user) password: $S$EF//ORKHHZKG9L4UEUUNycm0v5HatfjQxkxbKn19BiYMsPxi3u68
From reading through the drupal code, I've determined the following
$S$ = SHA512
"E" = 16 rounds
"F//ORKH" = the salt
"HZKG9L4UEUUNycm0v5HatfjQxkxbKn19BiYMsPxi3u68" = the hash
This was taken from here: https://api.drupal.org/api/drupal/core%21lib%21Drupal%21Core%21Password%21PhpassHashedPassword.php/class/PhpassHashedPassword/8.7.x
The relevant Go code for the import:
users := []*auth.UserToImport{
(&auth.UserToImport{}).
UID("00048ebbb178d47f674f48485205235c").
Email("[email protected]").
PasswordHash([]byte("HZKG9L4UEUUNycm0v5HatfjQxkxbKn19BiYMsPxi3u68")).
PasswordSalt([]byte("F//ORKH")),
}
h := hash.SHA512{
Rounds: 16,
}
result, err := client.ImportUsers(context.Background(), users, auth.WithHash(h))
So... with all of that said, i think the issue is that the drupal code is truncating the string that is actually being stored in the database to 55 characters. You can see this in the last line of the crypt method in the drupal code (url pasted above).
Has anyone out there successfully migrated drupal 8 users to firebase? If so, I'd love to know what step im missing. If not, some confirmation of my findings would help with my sanity.
