forked from lix-project/hydra
Users: password changes via the web UI now use Argon2
Co-authored-by: Graham Christensen <graham@grahamc.com>
This commit is contained in:
parent
1da70030b7
commit
beb5be4302
|
@ -229,12 +229,6 @@ sub isValidPassword {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
sub setPassword {
|
|
||||||
my ($user, $password) = @_;
|
|
||||||
$user->update({ password => sha1_hex($password) });
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
sub register :Local Args(0) {
|
sub register :Local Args(0) {
|
||||||
my ($self, $c) = @_;
|
my ($self, $c) = @_;
|
||||||
|
|
||||||
|
@ -294,7 +288,7 @@ sub updatePreferences {
|
||||||
error($c, "The passwords you specified did not match.")
|
error($c, "The passwords you specified did not match.")
|
||||||
if $password ne trim $c->stash->{params}->{password2};
|
if $password ne trim $c->stash->{params}->{password2};
|
||||||
|
|
||||||
setPassword($user, $password);
|
$user->setPassword($password);
|
||||||
}
|
}
|
||||||
|
|
||||||
my $emailAddress = trim($c->stash->{params}->{emailaddress} // "");
|
my $emailAddress = trim($c->stash->{params}->{emailaddress} // "");
|
||||||
|
@ -394,7 +388,7 @@ sub reset_password :Chained('user') :PathPart('reset-password') :Args(0) {
|
||||||
unless $user->emailaddress;
|
unless $user->emailaddress;
|
||||||
|
|
||||||
my $password = Crypt::RandPasswd->word(8,10);
|
my $password = Crypt::RandPasswd->word(8,10);
|
||||||
setPassword($user, $password);
|
$user->setPassword($password);
|
||||||
sendEmail(
|
sendEmail(
|
||||||
$c->config,
|
$c->config,
|
||||||
$user->emailaddress,
|
$user->emailaddress,
|
||||||
|
|
|
@ -214,9 +214,7 @@ sub json_hint {
|
||||||
return \%hint;
|
return \%hint;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub check_password {
|
sub _authenticator() {
|
||||||
my ($self, $password) = @_;
|
|
||||||
|
|
||||||
my $authenticator = Crypt::Passphrase->new(
|
my $authenticator = Crypt::Passphrase->new(
|
||||||
encoder => 'Argon2',
|
encoder => 'Argon2',
|
||||||
validators => [
|
validators => [
|
||||||
|
@ -228,11 +226,16 @@ sub check_password {
|
||||||
],
|
],
|
||||||
);
|
);
|
||||||
|
|
||||||
|
return $authenticator;
|
||||||
|
}
|
||||||
|
|
||||||
|
sub check_password {
|
||||||
|
my ($self, $password) = @_;
|
||||||
|
|
||||||
|
my $authenticator = _authenticator();
|
||||||
if ($authenticator->verify_password($password, $self->password)) {
|
if ($authenticator->verify_password($password, $self->password)) {
|
||||||
if ($authenticator->needs_rehash($self->password)) {
|
if ($authenticator->needs_rehash($self->password)) {
|
||||||
$self->update({
|
$self->setPassword($password);
|
||||||
"password" => $authenticator->hash_password($password),
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -241,4 +244,12 @@ sub check_password {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub setPassword {
|
||||||
|
my ($self, $password) = @_;;
|
||||||
|
|
||||||
|
$self->update({
|
||||||
|
"password" => _authenticator()->hash_password($password),
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
Loading…
Reference in a new issue