How is the UUID used as a salt to bcrypt passwords?

Hello,

I am trying to overwrite new passwords with an Ansible playbook in the core_user table. I understand the UUID is used as a salt for bcrypt, but the Ansible library (https://passlib.readthedocs.io/en/stable/lib/passlib.hash.bcrypt.html) is expecting only 22 alphanumeric characters for the salt.
I don’t understand the Clojure code very well. What does the Clojure code do for the UUID to be a valid bcrypt salt?

Thanks!

Hi,

I got the same problem. I checked Metabase's source code and I found the solution.

In the core_user table, there is a "password_salt" column that is a UUID (for example f9999305-8a58-5713-be98-ae123b456789).

You have to concatenate it with the new password, for example "superPwd".

Then use the BCrypt "hashpw()" function with a salt generated by the BCrypt "gensalt()" function.

With Java, using our example values, we'd get: BCrypt.hashpw("f9999305-8a58-5713-be98-ae123b456789superPwd", BCrypt.gensalt())

Copy and paste the result of the hashpw() function into the column user_core.password and that's all.