FIX Update meber passwordencryption to default on password change

security/Member.php

@@ -975,8 +975,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
 			$encryption_details = Security::encrypt_password(
 				$this->Password, // this is assumed to be cleartext
 				$this->Salt,
-				($this->PasswordEncryption) ?
-					$this->PasswordEncryption : Security::config()->password_encryption_algorithm,
+				$this->isChanged('PasswordEncryption') ? $this->PasswordEncryption : null,
 				$this
 			);
 

tests/security/MemberTest.php

@@ -45,7 +45,21 @@ class MemberTest extends FunctionalTest {
 		parent::tearDown();
 	}
 
-
+	public function testPasswordEncryptionUpdatedOnChangedPassword()
+	{
+		Config::inst()->update('Security', 'password_encryption_algorithm', 'none');
+		$member = Member::create();
+		$member->SetPassword = 'password';
+		$member->write();
+		$this->assertEquals('password', $member->Password);
+		$this->assertEquals('none', $member->PasswordEncryption);
+		Config::inst()->update('Security', 'password_encryption_algorithm', 'blowfish');
+		$member->SetPassword = 'newpassword';
+		$member->write();
+		$this->assertNotEquals('password', $member->Password);
+		$this->assertNotEquals('newpassword', $member->Password);
+		$this->assertEquals('blowfish', $member->PasswordEncryption);
+	}
 
 	/**
 	 * @expectedException ValidationException
@@ -94,28 +108,6 @@ class MemberTest extends FunctionalTest {
 		);
 	}
 
-	public function testDefaultPasswordEncryptionDoesntChangeExistingMembers() {
-		$member = new Member();
-		$member->Password = 'mypassword';
-		$member->PasswordEncryption = 'sha1_v2.4';
-		$member->write();
-
-		$origAlgo = Security::config()->password_encryption_algorithm;
-		Security::config()->password_encryption_algorithm = 'none';
-
-		$member->Password = 'mynewpassword';
-		$member->write();
-
-		$this->assertEquals(
-			$member->PasswordEncryption,
-			'sha1_v2.4'
-		);
-		$result = $member->checkPassword('mynewpassword');
-		$this->assertTrue($result->valid());
-
-		Security::config()->password_encryption_algorithm = $origAlgo;
-	}
-
 	public function testKeepsEncryptionOnEmptyPasswords() {
 		$member = new Member();
 		$member->Password = 'mypassword';
@@ -126,8 +118,8 @@ class MemberTest extends FunctionalTest {
 		$member->write();
 
 		$this->assertEquals(
-			$member->PasswordEncryption,
-			'sha1_v2.4'
+			Security::config()->get('password_encryption_algorithm'),
+            $member->PasswordEncryption
 		);
 		$result = $member->checkPassword('');
 		$this->assertTrue($result->valid());