@@ -6,11 +6,24 @@ defmodule Pleroma.Plugs.AuthenticationPlug do | |||||
alias Comeonin.Pbkdf2 | alias Comeonin.Pbkdf2 | ||||
import Plug.Conn | import Plug.Conn | ||||
alias Pleroma.User | alias Pleroma.User | ||||
require Logger | |||||
def init(options) do | def init(options) do | ||||
options | options | ||||
end | end | ||||
def checkpw(password, password_hash) do | |||||
cond do | |||||
String.starts_with?(password_hash, "$pbkdf2") -> | |||||
Pbkdf2.checkpw(password, password_hash) | |||||
String.starts_with?(password_hash, "$6") -> | |||||
:crypt.crypt(password, password_hash) == password_hash | |||||
true -> | |||||
Logger.error("Password hash not recognized") | |||||
false | |||||
end | |||||
end | |||||
def call(%{assigns: %{user: %User{}}} = conn, _), do: conn | def call(%{assigns: %{user: %User{}}} = conn, _), do: conn | ||||
def call( | def call( | ||||
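Review bot: The `$6` branch of `checkpw/2` compares the computed hash with the stored one using `==`, which is not constant-time; assuming `:crypt.crypt/2` returns a binary (the existing comparison implies it), `Plug.Crypto.secure_compare(:crypt.crypt(password, password_hash), password_hash)` keeps the comparison time independent of how much of the hash matches. The function also has no guard, so a `nil` `password_hash` would raise in `String.starts_with?/2` instead of returning `false`. Whether that is reachable depends on the callers, but the `UtilController` hunk looks the user up by nickname without a `local: true` match, so a head such as `def checkpw(password, password_hash) when is_binary(password) and is_binary(password_hash)` plus a catch-all clause returning `false` would be safer. Matching `"$6$"` rather than `"$6"` would pin that branch to the sha512-crypt prefix, and a short `@doc` should say which hash formats are accepted and that legacy `$6$` hashes are verified here but not re-hashed to PBKDF2.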
@@ -3,7 +3,7 @@ | |||||
# SPDX-License-Identifier: AGPL-3.0-only | # SPDX-License-Identifier: AGPL-3.0-only | ||||
defmodule Pleroma.Web.Auth.PleromaAuthenticator do | defmodule Pleroma.Web.Auth.PleromaAuthenticator do | ||||
alias Comeonin.Pbkdf2 | |||||
alias Pleroma.Plugs.AuthenticationPlug | |||||
alias Pleroma.Registration | alias Pleroma.Registration | ||||
alias Pleroma.Repo | alias Pleroma.Repo | ||||
alias Pleroma.User | alias Pleroma.User | ||||
@@ -16,7 +16,7 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticator do | |||||
def get_user(%Plug.Conn{} = conn) do | def get_user(%Plug.Conn{} = conn) do | ||||
with {:ok, {name, password}} <- fetch_credentials(conn), | with {:ok, {name, password}} <- fetch_credentials(conn), | ||||
{_, %User{} = user} <- {:user, fetch_user(name)}, | {_, %User{} = user} <- {:user, fetch_user(name)}, | ||||
{_, true} <- {:checkpw, Pbkdf2.checkpw(password, user.password_hash)} do | |||||
{_, true} <- {:checkpw, AuthenticationPlug.checkpw(password, user.password_hash)} do | |||||
{:ok, user} | {:ok, user} | ||||
else | else | ||||
error -> | error -> | ||||
@@ -6,11 +6,11 @@ defmodule Pleroma.Web.CommonAPI.Utils do | |||||
import Pleroma.Web.Gettext | import Pleroma.Web.Gettext | ||||
alias Calendar.Strftime | alias Calendar.Strftime | ||||
alias Comeonin.Pbkdf2 | |||||
alias Pleroma.Activity | alias Pleroma.Activity | ||||
alias Pleroma.Config | alias Pleroma.Config | ||||
alias Pleroma.Formatter | alias Pleroma.Formatter | ||||
alias Pleroma.Object | alias Pleroma.Object | ||||
alias Pleroma.Plugs.AuthenticationPlug | |||||
alias Pleroma.Repo | alias Pleroma.Repo | ||||
alias Pleroma.User | alias Pleroma.User | ||||
alias Pleroma.Web.ActivityPub.Utils | alias Pleroma.Web.ActivityPub.Utils | ||||
@@ -371,7 +371,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do | |||||
def confirm_current_password(user, password) do | def confirm_current_password(user, password) do | ||||
with %User{local: true} = db_user <- User.get_cached_by_id(user.id), | with %User{local: true} = db_user <- User.get_cached_by_id(user.id), | ||||
true <- Pbkdf2.checkpw(password, db_user.password_hash) do | |||||
true <- AuthenticationPlug.checkpw(password, db_user.password_hash) do | |||||
{:ok, db_user} | {:ok, db_user} | ||||
else | else | ||||
_ -> {:error, dgettext("errors", "Invalid password.")} | _ -> {:error, dgettext("errors", "Invalid password.")} | ||||
@@ -7,10 +7,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do | |||||
require Logger | require Logger | ||||
alias Comeonin.Pbkdf2 | |||||
alias Pleroma.Activity | alias Pleroma.Activity | ||||
alias Pleroma.Emoji | alias Pleroma.Emoji | ||||
alias Pleroma.Notification | alias Pleroma.Notification | ||||
alias Pleroma.Plugs.AuthenticationPlug | |||||
alias Pleroma.User | alias Pleroma.User | ||||
alias Pleroma.Web | alias Pleroma.Web | ||||
alias Pleroma.Web.ActivityPub.ActivityPub | alias Pleroma.Web.ActivityPub.ActivityPub | ||||
@@ -96,7 +96,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do | |||||
name = followee.nickname | name = followee.nickname | ||||
with %User{} = user <- User.get_cached_by_nickname(username), | with %User{} = user <- User.get_cached_by_nickname(username), | ||||
true <- Pbkdf2.checkpw(password, user.password_hash), | |||||
true <- AuthenticationPlug.checkpw(password, user.password_hash), | |||||
%User{} = _followed <- User.get_cached_by_id(id), | %User{} = _followed <- User.get_cached_by_id(id), | ||||
{:ok, follower} <- User.follow(user, followee), | {:ok, follower} <- User.follow(user, followee), | ||||
{:ok, _activity} <- ActivityPub.follow(follower, followee) do | {:ok, _activity} <- ActivityPub.follow(follower, followee) do | ||||