Users: password changes via the web UI now use Argon2

Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 10:56:12 -04:00 · 2021-04-15 10:56:12 -04:00 · beb5be4302
parent 1da70030b7
commit beb5be4302
2 changed files with 19 additions and 14 deletions
--- a/src/lib/Hydra/Controller/User.pm
+++ b/src/lib/Hydra/Controller/User.pm
@ -229,12 +229,6 @@ sub isValidPassword {
 }


-sub setPassword {
-    my ($user, $password) = @_;
-    $user->update({ password => sha1_hex($password) });
-}
-
-
 sub register :Local Args(0) {
    my ($self, $c) = @_;

@ -294,7 +288,7 @@ sub updatePreferences {
        error($c, "The passwords you specified did not match.")
            if $password ne trim $c->stash->{params}->{password2};

-        setPassword($user, $password);
+        $user->setPassword($password);
    }

    my $emailAddress = trim($c->stash->{params}->{emailaddress} // "");
@ -394,7 +388,7 @@ sub reset_password :Chained('user') :PathPart('reset-password') :Args(0) {
        unless $user->emailaddress;

    my $password = Crypt::RandPasswd->word(8,10);
-    setPassword($user, $password);
+    $user->setPassword($password);
    sendEmail(
        $c->config,
        $user->emailaddress,
--- a/src/lib/Hydra/Schema/Users.pm
+++ b/src/lib/Hydra/Schema/Users.pm
@ -214,9 +214,7 @@ sub json_hint {
    return \%hint;
 }

-sub check_password {
-    my ($self, $password) = @_;
-
+sub _authenticator() {
    my $authenticator = Crypt::Passphrase->new(
        encoder    => 'Argon2',
        validators => [
@ -228,11 +226,16 @@ sub check_password {
        ],
    );

+    return $authenticator;
+}
+
+sub check_password {
+    my ($self, $password) = @_;
+
+    my $authenticator = _authenticator();
    if ($authenticator->verify_password($password, $self->password)) {
        if ($authenticator->needs_rehash($self->password)) {
-            $self->update({
-                "password" => $authenticator->hash_password($password),
-            });
+            $self->setPassword($password);
        }

        return 1;
@ -241,4 +244,12 @@ sub check_password {
    }
 }

+sub setPassword {
+    my ($self, $password) = @_;;
+
+    $self->update({
+        "password" => _authenticator()->hash_password($password),
+    });
+}
+
 1;