From f33d93e276b1f1a4f45b7a396f56ab4d4a69f7d4 Mon Sep 17 00:00:00 2001
From: Spirtix <michal.prazak1@gmail.com>
Date: Thu, 26 Jun 2025 18:06:29 +0200
Subject: [PATCH] password rehashing asp net identity v3 uses a new hashing
 algorithm (hmac-sha256)

---
 src/Controllers/Common/AuthenticationController.cs | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/Controllers/Common/AuthenticationController.cs b/src/Controllers/Common/AuthenticationController.cs
index 3fc5548..465680a 100644
--- a/src/Controllers/Common/AuthenticationController.cs
+++ b/src/Controllers/Common/AuthenticationController.cs
@@ -48,11 +48,15 @@ public class AuthenticationController : Controller {
         } else {
             user = ctx.Users.FirstOrDefault(e => e.Username == data.UserName);
         }
-
-        if (user is null || new PasswordHasher<object>().VerifyHashedPassword(null, user.Password, data.Password) != PasswordVerificationResult.Success) {
+        PasswordVerificationResult result = new PasswordHasher<object>().VerifyHashedPassword(null, user.Password, data.Password);
+        if (user is null || result == PasswordVerificationResult.Failed) {
             return Ok(new ParentLoginInfo { Status = MembershipUserStatus.InvalidPassword });
         }
 
+        if (result == PasswordVerificationResult.SuccessRehashNeeded) {
+            user.Password = new PasswordHasher<object>().HashPassword(null, data.Password);
+        }
+
         // Create session
         Session session = new Session {
             User = user,