Password: Replace Pbkdf2 with Password.

2021-01-13 15:11:11 +01:00 · 2021-01-13 15:11:11 +01:00 · 9106048c61
parent c7cd9bd591
commit 9106048c61
18 changed files with 29 additions and 30 deletions
--- a/benchmarks/load_testing/users.ex
+++ b/benchmarks/load_testing/users.ex
@ -55,7 +55,7 @@ defmodule Pleroma.LoadTesting.Users do
      name: "Test テスト User #{i}",
      email: "user#{i}@example.com",
      nickname: "nick#{i}",
-      password_hash: Pbkdf2.hash_pwd_salt("test"),
+      password_hash: Pleroma.Password.hash_pwd_salt("test"),
      bio: "Tester Number #{i}",
      local: !remote
    }
--- a/lib/pleroma/mfa.ex
+++ b/lib/pleroma/mfa.ex
@ -71,7 +71,7 @@ defmodule Pleroma.MFA do
  @spec generate_backup_codes(User.t()) :: {:ok, list(binary)} | {:error, String.t()}
  def generate_backup_codes(%User{} = user) do
    with codes <- BackupCodes.generate(),
-         hashed_codes <- Enum.map(codes, &Pbkdf2.hash_pwd_salt/1),
+         hashed_codes <- Enum.map(codes, &Pleroma.Password.hash_pwd_salt/1),
         changeset <- Changeset.cast_backup_codes(user, hashed_codes),
         {:ok, _} <- User.update_and_set_cache(changeset) do
      {:ok, codes}
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@ -2187,7 +2187,7 @@ defmodule Pleroma.User do
  defp put_password_hash(
         %Ecto.Changeset{valid?: true, changes: %{password: password}} = changeset
       ) do
-    change(changeset, password_hash: Pbkdf2.hash_pwd_salt(password))
+    change(changeset, password_hash: Pleroma.Password.hash_pwd_salt(password))
  end
  defp put_password_hash(changeset), do: changeset
--- a/lib/pleroma/web/plugs/authentication_plug.ex
+++ b/lib/pleroma/web/plugs/authentication_plug.ex
@ -48,7 +48,7 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlug do
  end
  def checkpw(password, "$pbkdf2" <> _ = password_hash) do
-    Pbkdf2.verify_pass(password, password_hash)
+    Pleroma.Password.verify_pass(password, password_hash)
  end
  def checkpw(_password, _password_hash) do
--- a/mix.exs
+++ b/mix.exs
@ -125,7 +125,6 @@ defmodule Pleroma.Mixfile do
      {:postgrex, ">= 0.15.5"},
      {:oban, "~> 2.1.0"},
      {:gettext, "~> 0.18"},
      {:pbkdf2_elixir, "~> 1.2"},
      {:bcrypt_elixir, "~> 2.2"},
      {:trailing_format_plug, "~> 0.0.7"},
      {:fast_sanitize, "~> 0.2.0"},
--- a/test/pleroma/mfa_test.exs
+++ b/test/pleroma/mfa_test.exs
@ -30,8 +30,8 @@ defmodule Pleroma.MFATest do
      {:ok, [code1, code2]} = MFA.generate_backup_codes(user)
      updated_user = refresh_record(user)
      [hash1, hash2] = updated_user.multi_factor_authentication_settings.backup_codes
-      assert Pbkdf2.verify_pass(code1, hash1)
+      assert Pleroma.Password.verify_pass(code1, hash1)
-      assert Pbkdf2.verify_pass(code2, hash2)
+      assert Pleroma.Password.verify_pass(code2, hash2)
    end
  end
--- a/test/pleroma/web/auth/basic_auth_test.exs
+++ b/test/pleroma/web/auth/basic_auth_test.exs
@ -11,7 +11,7 @@ defmodule Pleroma.Web.Auth.BasicAuthTest do
    conn: conn
  } do
    user = insert(:user)
-    assert Pbkdf2.verify_pass("test", user.password_hash)
+    assert Pleroma.Password.verify_pass("test", user.password_hash)
    basic_auth_contents =
      (URI.encode_www_form(user.nickname) <> ":" <> URI.encode_www_form("test"))
--- a/test/pleroma/web/auth/pleroma_authenticator_test.exs
+++ b/test/pleroma/web/auth/pleroma_authenticator_test.exs
@ -11,7 +11,7 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticatorTest do
  setup do
    password = "testpassword"
    name = "AgentSmith"
-    user = insert(:user, nickname: name, password_hash: Pbkdf2.hash_pwd_salt(password))
+    user = insert(:user, nickname: name, password_hash: Pleroma.Password.hash_pwd_salt(password))
    {:ok, [user: user, name: name, password: password]}
  end
--- a/test/pleroma/web/auth/totp_authenticator_test.exs
+++ b/test/pleroma/web/auth/totp_authenticator_test.exs
@ -34,7 +34,7 @@ defmodule Pleroma.Web.Auth.TOTPAuthenticatorTest do
    hashed_codes =
      backup_codes
-      |> Enum.map(&Pbkdf2.hash_pwd_salt(&1))
+      |> Enum.map(&Pleroma.Password.hash_pwd_salt(&1))
    user =
      insert(:user,
--- a/test/pleroma/web/mongoose_im_controller_test.exs
+++ b/test/pleroma/web/mongoose_im_controller_test.exs
@ -41,13 +41,13 @@ defmodule Pleroma.Web.MongooseIMControllerTest do
  end
  test "/check_password", %{conn: conn} do
-    user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt("cool"))
+    user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt("cool"))
    _deactivated_user =
      insert(:user,
        nickname: "konata",
        deactivated: true,
-        password_hash: Pbkdf2.hash_pwd_salt("cool")
+        password_hash: Pleroma.Password.hash_pwd_salt("cool")
      )
    res =
--- a/test/pleroma/web/o_auth/ldap_authorization_test.exs
+++ b/test/pleroma/web/o_auth/ldap_authorization_test.exs
@ -18,7 +18,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
  @tag @skip
  test "authorizes the existing user using LDAP credentials" do
    password = "testpassword"
-    user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
+    user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password))
    app = insert(:oauth_app, scopes: ["read", "write"])
    host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
@ -101,7 +101,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
  @tag @skip
  test "disallow authorization for wrong LDAP credentials" do
    password = "testpassword"
-    user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
+    user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password))
    app = insert(:oauth_app, scopes: ["read", "write"])
    host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
--- a/test/pleroma/web/o_auth/mfa_controller_test.exs
+++ b/test/pleroma/web/o_auth/mfa_controller_test.exs
@ -20,7 +20,7 @@ defmodule Pleroma.Web.OAuth.MFAControllerTest do
      insert(:user,
        multi_factor_authentication_settings: %MFA.Settings{
          enabled: true,
-          backup_codes: [Pbkdf2.hash_pwd_salt("test-code")],
+          backup_codes: [Pleroma.Password.hash_pwd_salt("test-code")],
          totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
        }
      )
@ -246,7 +246,7 @@ defmodule Pleroma.Web.OAuth.MFAControllerTest do
      hashed_codes =
        backup_codes
-        |> Enum.map(&Pbkdf2.hash_pwd_salt(&1))
+        |> Enum.map(&Pleroma.Password.hash_pwd_salt(&1))
      user =
        insert(:user,
--- a/test/pleroma/web/o_auth/o_auth_controller_test.exs
+++ b/test/pleroma/web/o_auth/o_auth_controller_test.exs
@ -316,7 +316,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
           app: app,
           conn: conn
         } do
-      user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt("testpassword"))
+      user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt("testpassword"))
      registration = insert(:registration, user: nil)
      redirect_uri = OAuthController.default_redirect_uri(app)
@ -347,7 +347,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
           app: app,
           conn: conn
         } do
-      user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt("testpassword"))
+      user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt("testpassword"))
      registration = insert(:registration, user: nil)
      unlisted_redirect_uri = "http://cross-site-request.com"
@ -790,7 +790,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
    test "issues a token for `password` grant_type with valid credentials, with full permissions by default" do
      password = "testpassword"
-      user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
+      user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password))
      app = insert(:oauth_app, scopes: ["read", "write"])
@ -818,7 +818,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
      user =
        insert(:user,
-          password_hash: Pbkdf2.hash_pwd_salt(password),
+          password_hash: Pleroma.Password.hash_pwd_salt(password),
          multi_factor_authentication_settings: %MFA.Settings{
            enabled: true,
            totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
@ -927,7 +927,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
      password = "testpassword"
      {:ok, user} =
-        insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
+        insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password))
        |> User.confirmation_changeset(need_confirmation: true)
        |> User.update_and_set_cache()
@ -955,7 +955,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
      user =
        insert(:user,
-          password_hash: Pbkdf2.hash_pwd_salt(password),
+          password_hash: Pleroma.Password.hash_pwd_salt(password),
          deactivated: true
        )
@ -983,7 +983,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
      user =
        insert(:user,
-          password_hash: Pbkdf2.hash_pwd_salt(password),
+          password_hash: Pleroma.Password.hash_pwd_salt(password),
          password_reset_pending: true
        )
@ -1012,7 +1012,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
      user =
        insert(:user,
-          password_hash: Pbkdf2.hash_pwd_salt(password),
+          password_hash: Pleroma.Password.hash_pwd_salt(password),
          confirmation_pending: true
        )
@ -1038,7 +1038,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
    test "rejects token exchange for valid credentials belonging to an unapproved user" do
      password = "testpassword"
-      user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password), approval_pending: true)
+      user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password), approval_pending: true)
      refute Pleroma.User.account_status(user) == :active
--- a/test/pleroma/web/plugs/authentication_plug_test.exs
+++ b/test/pleroma/web/plugs/authentication_plug_test.exs
@ -17,7 +17,7 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlugTest do
    user = %User{
      id: 1,
      name: "dude",
-      password_hash: Pbkdf2.hash_pwd_salt("guy")
+      password_hash: Pleroma.Password.hash_pwd_salt("guy")
    }
    conn =
--- a/test/pleroma/web/twitter_api/password_controller_test.exs
+++ b/test/pleroma/web/twitter_api/password_controller_test.exs
@ -92,7 +92,7 @@ defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do
      assert response =~ "<h2>Password changed!</h2>"
      user = refresh_record(user)
-      assert Pbkdf2.verify_pass("test", user.password_hash)
+      assert Pleroma.Password.verify_pass("test", user.password_hash)
      assert Enum.empty?(Token.get_user_tokens(user))
    end
--- a/test/pleroma/web/twitter_api/util_controller_test.exs
+++ b/test/pleroma/web/twitter_api/util_controller_test.exs
@ -397,7 +397,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
      assert json_response(conn, 200) == %{"status" => "success"}
      fetched_user = User.get_cached_by_id(user.id)
-      assert Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true
+      assert Pleroma.Password.verify_pass("newpass", fetched_user.password_hash) == true
    end
  end
--- a/test/support/builders/user_builder.ex
+++ b/test/support/builders/user_builder.ex
@ -7,7 +7,7 @@ defmodule Pleroma.Builders.UserBuilder do
      email: "test@example.org",
      name: "Test Name",
      nickname: "testname",
-      password_hash: Pbkdf2.hash_pwd_salt("test"),
+      password_hash: Pleroma.Password.hash_pwd_salt("test"),
      bio: "A tester.",
      ap_id: "some id",
      last_digest_emailed_at: NaiveDateTime.truncate(NaiveDateTime.utc_now(), :second),
--- a/test/support/factory.ex
+++ b/test/support/factory.ex
@ -29,7 +29,7 @@ defmodule Pleroma.Factory do
      name: sequence(:name, &"Test テスト User #{&1}"),
      email: sequence(:email, &"user#{&1}@example.com"),
      nickname: sequence(:nickname, &"nick#{&1}"),
-      password_hash: Pbkdf2.hash_pwd_salt("test"),
+      password_hash: Pleroma.Password.hash_pwd_salt("test"),
      bio: sequence(:bio, &"Tester Number #{&1}"),
      is_discoverable: true,
      last_digest_emailed_at: NaiveDateTime.utc_now(),