ahuston-0/hydra
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Users: password changes via the web UI now use Argon2

Browse Source 
Co-authored-by: Graham Christensen <graham@grahamc.com>
This commit is contained in:
Graham Christensen
2021-04-15 10:56:12 -04:00
committed by Graham Christensen
parent 1da70030b7
commit beb5be4302
2 changed files with 19 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/lib/Hydra/Schema/Users.pm
View File

@ -214,9 +214,7 @@ sub json_hint {
return \%hint;
}
sub check_password {
my ($self, $password) = @_;
sub _authenticator() {
my $authenticator = Crypt::Passphrase->new(
encoder => 'Argon2',
validators => [
@ -228,11 +226,16 @@ sub check_password {
],
);
return $authenticator;
}
sub check_password {
my ($self, $password) = @_;
my $authenticator = _authenticator();
if ($authenticator->verify_password($password, $self->password)) {
if ($authenticator->needs_rehash($self->password)) {
$self->update({
"password" => $authenticator->hash_password($password),
});
$self->setPassword($password);
}
return 1;
@ -241,4 +244,12 @@ sub check_password {
}
}
sub setPassword {
my ($self, $password) = @_;;
$self->update({
"password" => _authenticator()->hash_password($password),
});
}
1;