ma27/hydra
0
0
Fork 0
forked from lix-project/hydra
Code Pull requests Activity

Users: password changes via the web UI now use Argon2

Browse source 
Co-authored-by: Graham Christensen <graham@grahamc.com>
This commit is contained in:
Graham Christensen 2021-04-15 10:56:12 -04:00 committed by Graham Christensen
parent 1da70030b7
commit beb5be4302
2 changed files with 19 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/lib/Hydra/Controller/User.pm
View file

@ -229,12 +229,6 @@ sub isValidPassword {
}
sub setPassword {
my ($user, $password) = @_;
$user->update({ password => sha1_hex($password) });
}
sub register :Local Args(0) {
my ($self, $c) = @_;
@ -294,7 +288,7 @@ sub updatePreferences {
error($c, "The passwords you specified did not match.")
if $password ne trim $c->stash->{params}->{password2};
setPassword($user, $password);
$user->setPassword($password);
}
my $emailAddress = trim($c->stash->{params}->{emailaddress} // "");
@ -394,7 +388,7 @@ sub reset_password :Chained('user') :PathPart('reset-password') :Args(0) {
unless $user->emailaddress;
my $password = Crypt::RandPasswd->word(8,10);
setPassword($user, $password);
$user->setPassword($password);
sendEmail(
$c->config,
$user->emailaddress,

23
src/lib/Hydra/Schema/Users.pm
View file

@ -214,9 +214,7 @@ sub json_hint {
return \%hint;
}
sub check_password {
my ($self, $password) = @_;
sub _authenticator() {
my $authenticator = Crypt::Passphrase->new(
encoder => 'Argon2',
validators => [
@ -228,11 +226,16 @@ sub check_password {
],
);
return $authenticator;
}
sub check_password {
my ($self, $password) = @_;
my $authenticator = _authenticator();
if ($authenticator->verify_password($password, $self->password)) {
if ($authenticator->needs_rehash($self->password)) {
$self->update({
"password" => $authenticator->hash_password($password),
});
$self->setPassword($password);
}
return 1;
@ -241,4 +244,12 @@ sub check_password {
}
}
sub setPassword {
my ($self, $password) = @_;;
$self->update({
"password" => _authenticator()->hash_password($password),
});
}
1;