Users: password changes via the web UI now use Argon2

Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 10:56:12 -04:00 · 2021-04-15 10:56:12 -04:00 · beb5be4302
parent 1da70030b7
commit beb5be4302
2 changed files with 19 additions and 14 deletions
--- a/src/lib/Hydra/Controller/User.pm
+++ b/src/lib/Hydra/Controller/User.pm
@ -229,12 +229,6 @@ sub isValidPassword {
 }
 sub setPassword {
    my ($user, $password) = @_;
    $user->update({ password => sha1_hex($password) });
 }
 sub register :Local Args(0) {
    my ($self, $c) = @_;
@ -294,7 +288,7 @@ sub updatePreferences {
        error($c, "The passwords you specified did not match.")
            if $password ne trim $c->stash->{params}->{password2};
-        setPassword($user, $password);
+        $user->setPassword($password);
    }
    my $emailAddress = trim($c->stash->{params}->{emailaddress} // "");
@ -394,7 +388,7 @@ sub reset_password :Chained('user') :PathPart('reset-password') :Args(0) {
        unless $user->emailaddress;
    my $password = Crypt::RandPasswd->word(8,10);
-    setPassword($user, $password);
+    $user->setPassword($password);
    sendEmail(
        $c->config,
        $user->emailaddress,
--- a/src/lib/Hydra/Schema/Users.pm
+++ b/src/lib/Hydra/Schema/Users.pm
@ -214,9 +214,7 @@ sub json_hint {
    return \%hint;
 }
-sub check_password {
+sub _authenticator() {
    my ($self, $password) = @_;
    my $authenticator = Crypt::Passphrase->new(
        encoder    => 'Argon2',
        validators => [
@ -228,11 +226,16 @@ sub check_password {
        ],
    );
    return $authenticator;
 }
 sub check_password {
    my ($self, $password) = @_;
    my $authenticator = _authenticator();
    if ($authenticator->verify_password($password, $self->password)) {
        if ($authenticator->needs_rehash($self->password)) {
-            $self->update({
+            $self->setPassword($password);
                "password" => $authenticator->hash_password($password),
            });
        }
        return 1;
@ -241,4 +244,12 @@ sub check_password {
    }
 }
 sub setPassword {
    my ($self, $password) = @_;;
    $self->update({
        "password" => _authenticator()->hash_password($password),
    });
 }
 1;