lib/pleroma/password.ex

@@ -0,0 +1,51 @@
+defmodule Pleroma.Password do
+  @moduledoc """
+  This module handles password hashing and verification.
+  It will delegate to the appropriate module based on the password hash.
+  It also handles upgrading of password hashes.
+  """
+
+  alias Pleroma.User
+  alias Pleroma.Password.Pbkdf2
+
+  @hashing_module Argon2
+
+  defdelegate hash_pwd_salt, to: @hashing_module
+
+  @spec checkpw(String.t(), String.t()) :: boolean()
+  def checkpw(password, "$2" <> _ = password_hash) do
+    # Handle bcrypt passwords for Mastodon migration
+    Bcrypt.verify_pass(password, password_hash)
+  end
+
+  def checkpw(password, "$pbkdf2" <> _ = password_hash) do
+    Pbkdf2.verify_pass(password, password_hash)
+  end
+
+  def checkpw(password, "$argon2" <> _ = password_hash) do
+    Argon2.verify_pass(password, password_hash)
+  end
+
+  def checkpw(_password, _password_hash) do
+    Logger.error("Password hash not recognized")
+    false
+  end
+
+  def maybe_update_password(%User{password_hash: "$2" <> _} = user, password) do
+    do_update_password(user, password)
+  end
+
+  def maybe_update_password(%User{password_hash: "$6" <> _} = user, password) do
+    do_update_password(user, password)
+  end
+
+  def maybe_update_password(%User{password_hash: "$pbkdf2" <> _} = user, password) do
+    do_update_password(user, password)
+  end
+
+  def maybe_update_password(user, _), do: {:ok, user}
+
+  defp do_update_password(user, password) do
+    User.reset_password(user, %{password: password, password_confirmation: password})
+  end
+end