ahuston-0/hydra
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Users: transparently upgrade passwords to Argon2

Browse Source 
Passwords that are sha1 will be transparently upgraded to argon2,
and future comparisons will use Argon2

Co-authored-by: Graham Christensen <graham@grahamc.com>
This commit is contained in:
Graham Christensen
2021-04-15 10:55:40 -04:00
committed by Graham Christensen
parent 29620df85e
commit 1da70030b7
3 changed files with 83 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/lib/Hydra/Schema/Users.pm
View File

@ -195,6 +195,7 @@ __PACKAGE__->many_to_many("projects", "projectmembers", "project");
# Created by DBIx::Class::Schema::Loader v0.07049 @ 2020-02-06 12:22:36
# DO NOT MODIFY THIS OR ANYTHING ABOVE! md5sum:4/WZ95asbnGmK+nEHb4sLQ
use Crypt::Passphrase;
use Digest::SHA1 qw(sha1_hex);
use String::Compare::ConstantTime;
@ -216,7 +217,28 @@ sub json_hint {
sub check_password {
my ($self, $password) = @_;
return String::Compare::ConstantTime::equals($self->password, sha1_hex($password));
my $authenticator = Crypt::Passphrase->new(
encoder => 'Argon2',
validators => [
(sub {
my ($password, $hash) = @_;
return String::Compare::ConstantTime::equals($hash, sha1_hex($password));
})
],
);
if ($authenticator->verify_password($password, $self->password)) {
if ($authenticator->needs_rehash($self->password)) {
$self->update({
"password" => $authenticator->hash_password($password),
});
}
return 1;
} else {
return 0;
}
}
1;