mirrors/pleroma
1
0
Fork 0
mirror of https://git.pleroma.social/pleroma/pleroma.git synced 2025-01-02 21:38:41 +00:00
Code Issues Projects Releases Wiki Activity

Authentication: convert argon2 passwords, add tests

Browse source
This commit is contained in:
Mint 2024-09-08 05:32:40 +03:00
parent c9b28eaf9a
commit 9de522ce50
2 changed files with 31 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
lib/pleroma/web/plugs/authentication_plug.ex
View file

@ -48,6 +48,7 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlug do
end end
def checkpw(password, "$argon2" <> _ = password_hash) do def checkpw(password, "$argon2" <> _ = password_hash) do
# Handle argon2 passwords for Akkoma migration
Argon2.verify_pass(password, password_hash) Argon2.verify_pass(password, password_hash)
end end
@ -60,6 +61,10 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlug do
do_update_password(user, password) do_update_password(user, password)
end end
def maybe_update_password(%User{password_hash: "$argon2" <> _} = user, password) do
do_update_password(user, password)
end
def maybe_update_password(user, _), do: {:ok, user} def maybe_update_password(user, _), do: {:ok, user}
defp do_update_password(user, password) do defp do_update_password(user, password) do

26
test/pleroma/web/plugs/authentication_plug_test.exs
View file

@ -70,6 +70,24 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlugTest do
assert "$pbkdf2" <> _ = user.password_hash assert "$pbkdf2" <> _ = user.password_hash
end end
test "with an argon2 hash, it updates to a pkbdf2 hash", %{conn: conn} do
user = insert(:user, password_hash: Argon2.hash_pwd_salt("123"))
assert "$argon2" <> _ = user.password_hash
conn =
conn
|> assign(:auth_user, user)
|> assign(:auth_credentials, %{password: "123"})
|> AuthenticationPlug.call(%{})
assert conn.assigns.user.id == conn.assigns.auth_user.id
assert conn.assigns.token == nil
assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
user = User.get_by_id(user.id)
assert "$pbkdf2" <> _ = user.password_hash
end
describe "checkpw/2" do describe "checkpw/2" do
test "check pbkdf2 hash" do test "check pbkdf2 hash" do
hash = hash =
@ -86,6 +104,14 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlugTest do
refute AuthenticationPlug.checkpw("password1", hash) refute AuthenticationPlug.checkpw("password1", hash)
end end
test "check argon2 hash" do
hash =
"$argon2id$v=19$m=65536,t=8,p=2$zEMMsTuK5KkL5AFWbX7jyQ$VyaQD7PF6e9btz0oH1YiAkWwIGZ7WNDZP8l+a/O171g"
assert AuthenticationPlug.checkpw("password", hash)
refute AuthenticationPlug.checkpw("password1", hash)
end
test "it returns false when hash invalid" do test "it returns false when hash invalid" do
hash = hash =
"psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1" "psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1"