Fix: reset argon 2 options to previous default #10667

Merged: lohanidamodar merged 1 commit into 1.8.x from fix-auth-refactor, Oct 19, 2025

Conversation

@lohanidamodar
Member

What does this PR do?

  • Reset Argon2 hash default

Test Plan

(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your changes work. Screenshots may also be helpful.)

Related PRs and Issues

  • (Related PR or issue)

Checklist

  • Have you read the Contributing Guidelines on issues?
  • If the PR includes a change to an API's metadata (desc, label, params, etc.), does it also include updated API specs and example docs?

@coderabbitai
Contributor

coderabbitai bot commented Oct 19, 2025

Walkthrough

This pull request refactors Argon2 password hashing configuration across the codebase. It removes dynamic Argon2 class instantiation from the common configuration file and replaces it with hardcoded values ('argon2' hash name and explicit option array). The hashing parameters are simultaneously adjusted across three files: memory cost reduced from 7168 to 2048, time cost from 5 to 4, and threads increased from 1 to 3.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

The changes follow a consistent, homogeneous pattern applied across three files with no control-flow or logic modifications. However, review requires careful verification that all Argon2 parameter instances are updated correctly and consistently, as these are security-relevant hashing parameters.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title Check | ✅ Passed | The PR title "Fix: reset argon 2 options to previous default" directly relates to the main changes in the changeset. The modifications across three files (common.php, users.php, and init/resources.php) all involve adjusting Argon2 hashing parameters—specifically reducing memory cost from 7168 to 2048, time cost from 5 to 4, and threads from 1 to 3—which aligns with the concept of resetting to a previous default state. The title is concise, specific, and clearly indicates the primary change without vague or misleading language. |
| Description Check | ✅ Passed | The PR description states "Reset Argon2 hash default" in the "What does this PR do?" section, which is directly related to the changeset. The description accurately identifies the core purpose of the changes—adjusting Argon2 parameters across multiple files to reset them to specific default values. While the Test Plan section is empty and brief, the description itself provides meaningful information about what the PR accomplishes and is clearly on-topic rather than vague or generic. |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 07d55d1 and 248d3ae.

📒 Files selected for processing (3)
  • app/config/collections/common.php (2 hunks)
  • app/controllers/api/users.php (2 hunks)
  • app/init/resources.php (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: Setup & Build Appwrite Image
  • GitHub Check: Setup & Build Appwrite Image
  • GitHub Check: scan


Comment @coderabbitai help to get the list of available commands and usage tips.
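
The walkthrough above names two Argon2 parameter sets; a standard Argon2 encoded hash records the m, t and p it was created with, so stored hashes can be sorted by which set produced them. The following is an added example, not code from this PR or from Appwrite: a Python parser for the encoded format. The function names and the sample hashes are constructed for illustration.

```python
import base64
import re
from collections import Counter

# Parameter sets named in the walkthrough: (memory cost, time cost, threads).
BEFORE_PR = (7168, 5, 1)   # values this PR moves away from
AFTER_PR = (2048, 4, 3)    # values this PR resets to

# $argon2id$v=19$m=...,t=...,p=...$<salt>$<tag>; v= is absent in version 0x10 hashes.
_ENCODED = re.compile(
    r"\$(argon2id|argon2i|argon2d)\$(?:v=(\d+)\$)?m=(\d+),t=(\d+),p=(\d+)"
    r"\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)"
)

def _decoded_len(field):
    # The encoded form uses base64 without '=' padding; restore it before decoding.
    return len(base64.b64decode(field + "=" * (-len(field) % 4), validate=True))

def parse_argon2(encoded):
    """Return variant, version, (m, t, p), salt and tag lengths; ValueError if malformed."""
    match = _ENCODED.fullmatch(encoded)
    if match is None:
        raise ValueError("not an Argon2 encoded hash")
    variant, version, m, t, p, salt, tag = match.groups()
    return {
        "variant": variant,
        "version": int(version) if version else 16,
        "cost": (int(m), int(t), int(p)),
        "salt_len": _decoded_len(salt),
        "tag_len": _decoded_len(tag),
    }

def classify(encoded):
    """Label a stored hash by which of the page's two parameter sets produced it."""
    try:
        cost = parse_argon2(encoded)["cost"]
    except ValueError:
        return "unparseable"
    return {AFTER_PR: "after-pr", BEFORE_PR: "before-pr"}.get(cost, "other")

def audit(hashes):
    """Count stored hashes per label so mixed parameter sets become visible."""
    return Counter(classify(h) for h in hashes)

# Constructed sample values: all-'A' salt (16 bytes) and tag (32 bytes), not real hashes.
SALT, TAG = "A" * 22, "A" * 43
SAMPLES = [
    f"$argon2id$v=19$m=2048,t=4,p=3${SALT}${TAG}",
    f"$argon2id$v=19$m=7168,t=5,p=1${SALT}${TAG}",
    f"$argon2i$m=65536,t=2,p=1${SALT}${TAG}",
    "$2y$10$constructed.bcrypt.style.value",
]
```
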

@github-actions

Security Scan Results for PR

Docker Image Scan Results

| Package | Version | Vulnerability | Severity |
| --- | --- | --- | --- |
| binutils | 2.44-r2 | CVE-2025-5244 | HIGH |
| binutils | 2.44-r2 | CVE-2025-5245 | HIGH |
| libxml2 | 2.13.8-r0 | CVE-2025-49794 | CRITICAL |
| libxml2 | 2.13.8-r0 | CVE-2025-49796 | CRITICAL |
| libxml2 | 2.13.8-r0 | CVE-2025-49795 | HIGH |
| libxml2 | 2.13.8-r0 | CVE-2025-6021 | HIGH |
| golang.org/x/crypto | v0.31.0 | CVE-2025-22869 | HIGH |
| golang.org/x/oauth2 | v0.24.0 | CVE-2025-22868 | HIGH |
| stdlib | 1.22.10 | CVE-2025-47907 | HIGH |

Source Code Scan Results

🎉 No vulnerabilities found!

@github-actions

✨ Benchmark results

  • Requests per second: 1,093
  • Requests with 200 status code: 196,866
  • P99 latency: 0.180977838

⚡ Benchmark Comparison

| Metric | This PR | Latest version |
| --- | --- | --- |
| RPS | 1,093 | 882 |
| 200 | 196,866 | 158,783 |
| P99 | 0.180977838 | 0.243876588 |

lohanidamodar merged commit 254f026 into 1.8.x on Oct 19, 2025 (41 checks passed)
lohanidamodar deleted the fix-auth-refactor branch on October 19, 2025 08:15