Update legacy passwords automatically.

lib/pleroma/plugs/legacy_authentication_plug.ex

@@ -17,11 +17,15 @@ def call(
         } = conn,
         _
       ) do
-    if :crypt.crypt(password, password_hash) == password_hash do
+    with ^password_hash <- :crypt.crypt(password, password_hash),
+         {:ok, user} <-
+           User.reset_password(auth_user, %{password: password, password_confirmation: password}) do
       conn
-      |> assign(:user, auth_user)
+      |> assign(:auth_user, user)
+      |> assign(:user, user)
     else
-      conn
+      _ ->
+        conn
     end
   end
 

test/plugs/legacy_authentication_plug_test.exs

@@ -4,6 +4,8 @@ defmodule Pleroma.Plugs.LegacyAuthenticationPlugTest do
   alias Pleroma.Plugs.LegacyAuthenticationPlug
   alias Pleroma.User
 
+  import Mock
+
   setup do
     # password is "password"
     user = %User{
@@ -30,19 +32,27 @@ test "it does nothing if a user is assigned", %{conn: conn, user: user} do
     assert ret_conn == conn
   end
 
-  test "it authenticates the auth_user if present and password is correct", %{
+  test "it authenticates the auth_user if present and password is correct and resets the password",
-    conn: conn,
+       %{
-    user: user
+         conn: conn,
-  } do
+         user: user
+       } do
     conn =
       conn
       |> assign(:auth_credentials, %{username: "dude", password: "password"})
       |> assign(:auth_user, user)
 
     conn =
-      conn
+      with_mock User,
-      |> LegacyAuthenticationPlug.call(%{})
+        reset_password: fn user, %{password: password, password_confirmation: password} ->
+          send(self, :reset_password)
+          {:ok, user}
+        end do
+        conn
+        |> LegacyAuthenticationPlug.call(%{})
+      end
 
+    assert_received :reset_password
     assert conn.assigns.user == user
   end