From baef35bcc8685757b0039f76d2614bbb08e410f7 Mon Sep 17 00:00:00 2001 From: lain Date: Sun, 17 May 2020 10:31:01 +0200 Subject: [PATCH] Authentication Plug: Update bcrypt password on login. --- lib/pleroma/plugs/authentication_plug.ex | 13 +++++++++++++ test/plugs/authentication_plug_test.exs | 18 ++++++++++++------ 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index 2cdf6c951..7d7da6125 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -30,6 +30,17 @@ def checkpw(_password, _password_hash) do false end + def maybe_update_password(%User{password_hash: "$2" <> _} = user, password) do + user + |> User.password_update_changeset(%{ + "password" => password, + "password_confirmation" => password + }) + |> Pleroma.Repo.update() + end + + def maybe_update_password(user, _), do: {:ok, user} + def call(%{assigns: %{user: %User{}}} = conn, _), do: conn def call( @@ -42,6 +53,8 @@ def call( _ ) do if checkpw(password, password_hash) do + {:ok, auth_user} = maybe_update_password(auth_user, password) + conn |> assign(:user, auth_user) |> OAuthScopesPlug.skip_plug() diff --git a/test/plugs/authentication_plug_test.exs b/test/plugs/authentication_plug_test.exs index c8ede71c0..2c793b29a 100644 --- a/test/plugs/authentication_plug_test.exs +++ b/test/plugs/authentication_plug_test.exs @@ -11,6 +11,7 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do alias Pleroma.User import ExUnit.CaptureLog + import Pleroma.Factory setup %{conn: conn} do user = %User{ @@ -50,16 +51,21 @@ test "with a correct password in the credentials, " <> assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug) end - test "with a wrong password in the credentials, it does nothing", %{conn: conn} do + test "with a bcrypt hash, it updates to a pkbdf2 hash", %{conn: conn} do + user = insert(:user, password_hash: Bcrypt.hash_pwd_salt("123")) + assert "$2" <> _ = user.password_hash + conn = conn - |> assign(:auth_credentials, %{password: "wrong"}) - - ret_conn = - conn + |> assign(:auth_user, user) + |> assign(:auth_credentials, %{password: "123"}) |> AuthenticationPlug.call(%{}) - assert conn == ret_conn + assert conn.assigns.user.id == conn.assigns.auth_user.id + assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug) + + user = User.get_by_id(user.id) + assert "$pbkdf2" <> _ = user.password_hash end describe "checkpw/2" do