diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index c350f8a25b..39ee594549 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -439,8 +439,8 @@ INTERNAL_TOKEN=
;;Classes include "lower,upper,digit,spec"
;PASSWORD_COMPLEXITY = off
;;
-;; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt"
-;PASSWORD_HASH_ALGO = pbkdf2
+;; Password Hash algorithm, either "argon2", "pbkdf2"/"pbkdf2_v2", "pbkdf2_hi", "scrypt" or "bcrypt"
+;PASSWORD_HASH_ALGO = pbkdf2_hi
;;
;; Set false to allow JavaScript to read CSRF cookie
;CSRF_COOKIE_HTTP_ONLY = true
diff --git a/modules/auth/password/hash/setting.go b/modules/auth/password/hash/setting.go
index 22f97dffe5..f33c3ba376 100644
--- a/modules/auth/password/hash/setting.go
+++ b/modules/auth/password/hash/setting.go
@@ -3,7 +3,14 @@
package hash
-const DefaultHashAlgorithmName = "pbkdf2"
+// DefaultHashAlgorithmName represents the default value of PASSWORD_HASH_ALGO
+// configured in app.ini.
+//
+// It is NOT the same and does NOT map to the defaultEmptyHashAlgorithmSpecification.
+//
+// It will be dealiased as per aliasAlgorithmNames whereas
+// defaultEmptyHashAlgorithmSpecification does not undergo dealiasing.
+const DefaultHashAlgorithmName = "pbkdf2_hi"
var DefaultHashAlgorithm *PasswordHashAlgorithm
diff --git a/modules/auth/password/hash/setting_test.go b/modules/auth/password/hash/setting_test.go
index 4c20ff179b..04965363a1 100644
--- a/modules/auth/password/hash/setting_test.go
+++ b/modules/auth/password/hash/setting_test.go
@@ -28,11 +28,11 @@ func TestCheckSettingPasswordHashAlgorithm(t *testing.T) {
})
}
- t.Run("pbkdf2_v2 is the default when default password hash algorithm is empty", func(t *testing.T) {
+ t.Run("pbkdf2_hi is the default when default password hash algorithm is empty", func(t *testing.T) {
emptyConfig, emptyAlgo := SetDefaultPasswordHashAlgorithm("")
- pbkdf2v2Config, pbkdf2v2Algo := SetDefaultPasswordHashAlgorithm("pbkdf2_v2")
+ pbkdf2hiConfig, pbkdf2hiAlgo := SetDefaultPasswordHashAlgorithm("pbkdf2_hi")
- assert.Equal(t, pbkdf2v2Config, emptyConfig)
- assert.Equal(t, pbkdf2v2Algo.Name, emptyAlgo.Name)
+ assert.Equal(t, pbkdf2hiConfig, emptyConfig)
+ assert.Equal(t, pbkdf2hiAlgo.Name, emptyAlgo.Name)
})
}
diff --git a/tests/mssql.ini.tmpl b/tests/mssql.ini.tmpl
index 9cec6169f9..3ee64628ed 100644
--- a/tests/mssql.ini.tmpl
+++ b/tests/mssql.ini.tmpl
@@ -98,6 +98,7 @@ COLORIZE = true
LEVEL = Debug
[security]
+PASSWORD_HASH_ALGO = argon2
DISABLE_GIT_HOOKS = false
INSTALL_LOCK = true
SECRET_KEY = 9pCviYTWSb
diff --git a/tests/mysql.ini.tmpl b/tests/mysql.ini.tmpl
index 24a9a02dc4..77e3e5e14c 100644
--- a/tests/mysql.ini.tmpl
+++ b/tests/mysql.ini.tmpl
@@ -117,6 +117,7 @@ COLORIZE = true
LEVEL = Debug
[security]
+PASSWORD_HASH_ALGO = argon2
DISABLE_GIT_HOOKS = false
INSTALL_LOCK = true
SECRET_KEY = 9pCviYTWSb
diff --git a/tests/mysql8.ini.tmpl b/tests/mysql8.ini.tmpl
index f290efe1dc..1a4fb745b9 100644
--- a/tests/mysql8.ini.tmpl
+++ b/tests/mysql8.ini.tmpl
@@ -95,6 +95,7 @@ COLORIZE = true
LEVEL = Debug
[security]
+PASSWORD_HASH_ALGO = argon2
DISABLE_GIT_HOOKS = false
INSTALL_LOCK = true
SECRET_KEY = 9pCviYTWSb
diff --git a/tests/pgsql.ini.tmpl b/tests/pgsql.ini.tmpl
index c39b6a79c3..f459aeec60 100644
--- a/tests/pgsql.ini.tmpl
+++ b/tests/pgsql.ini.tmpl
@@ -99,6 +99,7 @@ COLORIZE = true
LEVEL = Debug
[security]
+PASSWORD_HASH_ALGO = argon2
DISABLE_GIT_HOOKS = false
INSTALL_LOCK = true
SECRET_KEY = 9pCviYTWSb
diff --git a/tests/sqlite.ini.tmpl b/tests/sqlite.ini.tmpl
index f5e8895e06..f17e84dcec 100644
--- a/tests/sqlite.ini.tmpl
+++ b/tests/sqlite.ini.tmpl
@@ -94,6 +94,7 @@ COLORIZE = true
LEVEL = Debug
[security]
+PASSWORD_HASH_ALGO = argon2
DISABLE_GIT_HOOKS = false
INSTALL_LOCK = true
SECRET_KEY = 9pCviYTWSb