forked from AkkomaGang/akkoma
Merge branch 'upgrade-comeonin' into 'develop'
Upgrade Comeonin to v5 See merge request pleroma/pleroma!2523
This commit is contained in:
commit
3210e939bf
22 changed files with 37 additions and 45 deletions
|
@ -55,7 +55,7 @@ defp generate_user(i) do
|
||||||
name: "Test テスト User #{i}",
|
name: "Test テスト User #{i}",
|
||||||
email: "user#{i}@example.com",
|
email: "user#{i}@example.com",
|
||||||
nickname: "nick#{i}",
|
nickname: "nick#{i}",
|
||||||
password_hash: Comeonin.Pbkdf2.hashpwsalt("test"),
|
password_hash: Pbkdf2.hash_pwd_salt("test"),
|
||||||
bio: "Tester Number #{i}",
|
bio: "Tester Number #{i}",
|
||||||
local: !remote
|
local: !remote
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,6 @@
|
||||||
|
|
||||||
defmodule Pleroma.BBS.Authenticator do
|
defmodule Pleroma.BBS.Authenticator do
|
||||||
use Sshd.PasswordAuthenticator
|
use Sshd.PasswordAuthenticator
|
||||||
alias Comeonin.Pbkdf2
|
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
|
|
||||||
def authenticate(username, password) do
|
def authenticate(username, password) do
|
||||||
|
@ -12,7 +11,7 @@ def authenticate(username, password) do
|
||||||
password = to_string(password)
|
password = to_string(password)
|
||||||
|
|
||||||
with %User{} = user <- User.get_by_nickname(username) do
|
with %User{} = user <- User.get_by_nickname(username) do
|
||||||
Pbkdf2.checkpw(password, user.password_hash)
|
Pbkdf2.verify_pass(password, user.password_hash)
|
||||||
else
|
else
|
||||||
_e -> false
|
_e -> false
|
||||||
end
|
end
|
||||||
|
|
|
@ -7,7 +7,6 @@ defmodule Pleroma.MFA do
|
||||||
The MFA context.
|
The MFA context.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
alias Comeonin.Pbkdf2
|
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
|
|
||||||
alias Pleroma.MFA.BackupCodes
|
alias Pleroma.MFA.BackupCodes
|
||||||
|
@ -72,7 +71,7 @@ def invalidate_backup_code(%User{} = user, hash_code) do
|
||||||
@spec generate_backup_codes(User.t()) :: {:ok, list(binary)} | {:error, String.t()}
|
@spec generate_backup_codes(User.t()) :: {:ok, list(binary)} | {:error, String.t()}
|
||||||
def generate_backup_codes(%User{} = user) do
|
def generate_backup_codes(%User{} = user) do
|
||||||
with codes <- BackupCodes.generate(),
|
with codes <- BackupCodes.generate(),
|
||||||
hashed_codes <- Enum.map(codes, &Pbkdf2.hashpwsalt/1),
|
hashed_codes <- Enum.map(codes, &Pbkdf2.hash_pwd_salt/1),
|
||||||
changeset <- Changeset.cast_backup_codes(user, hashed_codes),
|
changeset <- Changeset.cast_backup_codes(user, hashed_codes),
|
||||||
{:ok, _} <- User.update_and_set_cache(changeset) do
|
{:ok, _} <- User.update_and_set_cache(changeset) do
|
||||||
{:ok, codes}
|
{:ok, codes}
|
||||||
|
|
|
@ -3,7 +3,6 @@
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.Plugs.AuthenticationPlug do
|
defmodule Pleroma.Plugs.AuthenticationPlug do
|
||||||
alias Comeonin.Pbkdf2
|
|
||||||
alias Pleroma.Plugs.OAuthScopesPlug
|
alias Pleroma.Plugs.OAuthScopesPlug
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
|
|
||||||
|
@ -18,7 +17,7 @@ def checkpw(password, "$6" <> _ = password_hash) do
|
||||||
end
|
end
|
||||||
|
|
||||||
def checkpw(password, "$pbkdf2" <> _ = password_hash) do
|
def checkpw(password, "$pbkdf2" <> _ = password_hash) do
|
||||||
Pbkdf2.checkpw(password, password_hash)
|
Pbkdf2.verify_pass(password, password_hash)
|
||||||
end
|
end
|
||||||
|
|
||||||
def checkpw(_password, _password_hash) do
|
def checkpw(_password, _password_hash) do
|
||||||
|
@ -37,7 +36,7 @@ def call(
|
||||||
} = conn,
|
} = conn,
|
||||||
_
|
_
|
||||||
) do
|
) do
|
||||||
if Pbkdf2.checkpw(password, password_hash) do
|
if Pbkdf2.verify_pass(password, password_hash) do
|
||||||
conn
|
conn
|
||||||
|> assign(:user, auth_user)
|
|> assign(:user, auth_user)
|
||||||
|> OAuthScopesPlug.skip_plug()
|
|> OAuthScopesPlug.skip_plug()
|
||||||
|
@ -47,7 +46,7 @@ def call(
|
||||||
end
|
end
|
||||||
|
|
||||||
def call(%{assigns: %{auth_credentials: %{password: _}}} = conn, _) do
|
def call(%{assigns: %{auth_credentials: %{password: _}}} = conn, _) do
|
||||||
Pbkdf2.dummy_checkpw()
|
Pbkdf2.no_user_verify()
|
||||||
conn
|
conn
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,6 @@ defmodule Pleroma.User do
|
||||||
import Ecto.Query
|
import Ecto.Query
|
||||||
import Ecto, only: [assoc: 2]
|
import Ecto, only: [assoc: 2]
|
||||||
|
|
||||||
alias Comeonin.Pbkdf2
|
|
||||||
alias Ecto.Multi
|
alias Ecto.Multi
|
||||||
alias Pleroma.Activity
|
alias Pleroma.Activity
|
||||||
alias Pleroma.Config
|
alias Pleroma.Config
|
||||||
|
@ -1926,7 +1925,7 @@ def get_ap_ids_by_nicknames(nicknames) do
|
||||||
defp put_password_hash(
|
defp put_password_hash(
|
||||||
%Ecto.Changeset{valid?: true, changes: %{password: password}} = changeset
|
%Ecto.Changeset{valid?: true, changes: %{password: password}} = changeset
|
||||||
) do
|
) do
|
||||||
change(changeset, password_hash: Pbkdf2.hashpwsalt(password))
|
change(changeset, password_hash: Pbkdf2.hash_pwd_salt(password))
|
||||||
end
|
end
|
||||||
|
|
||||||
defp put_password_hash(changeset), do: changeset
|
defp put_password_hash(changeset), do: changeset
|
||||||
|
|
|
@ -3,7 +3,6 @@
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.Web.Auth.TOTPAuthenticator do
|
defmodule Pleroma.Web.Auth.TOTPAuthenticator do
|
||||||
alias Comeonin.Pbkdf2
|
|
||||||
alias Pleroma.MFA
|
alias Pleroma.MFA
|
||||||
alias Pleroma.MFA.TOTP
|
alias Pleroma.MFA.TOTP
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
|
@ -31,7 +30,7 @@ def verify_recovery_code(
|
||||||
code
|
code
|
||||||
)
|
)
|
||||||
when is_list(codes) and is_binary(code) do
|
when is_list(codes) and is_binary(code) do
|
||||||
hash_code = Enum.find(codes, fn hash -> Pbkdf2.checkpw(code, hash) end)
|
hash_code = Enum.find(codes, fn hash -> Pbkdf2.verify_pass(code, hash) end)
|
||||||
|
|
||||||
if hash_code do
|
if hash_code do
|
||||||
MFA.invalidate_backup_code(user, hash_code)
|
MFA.invalidate_backup_code(user, hash_code)
|
||||||
|
|
|
@ -5,7 +5,6 @@
|
||||||
defmodule Pleroma.Web.MongooseIM.MongooseIMController do
|
defmodule Pleroma.Web.MongooseIM.MongooseIMController do
|
||||||
use Pleroma.Web, :controller
|
use Pleroma.Web, :controller
|
||||||
|
|
||||||
alias Comeonin.Pbkdf2
|
|
||||||
alias Pleroma.Plugs.RateLimiter
|
alias Pleroma.Plugs.RateLimiter
|
||||||
alias Pleroma.Repo
|
alias Pleroma.Repo
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
|
@ -28,7 +27,7 @@ def user_exists(conn, %{"user" => username}) do
|
||||||
def check_password(conn, %{"user" => username, "pass" => password}) do
|
def check_password(conn, %{"user" => username, "pass" => password}) do
|
||||||
with %User{password_hash: password_hash, deactivated: false} <-
|
with %User{password_hash: password_hash, deactivated: false} <-
|
||||||
Repo.get_by(User, nickname: username, local: true),
|
Repo.get_by(User, nickname: username, local: true),
|
||||||
true <- Pbkdf2.checkpw(password, password_hash) do
|
true <- Pbkdf2.verify_pass(password, password_hash) do
|
||||||
conn
|
conn
|
||||||
|> json(true)
|
|> json(true)
|
||||||
else
|
else
|
||||||
|
|
3
mix.exs
3
mix.exs
|
@ -126,8 +126,7 @@ defp deps do
|
||||||
{:postgrex, ">= 0.13.5"},
|
{:postgrex, ">= 0.13.5"},
|
||||||
{:oban, "~> 1.2"},
|
{:oban, "~> 1.2"},
|
||||||
{:gettext, "~> 0.15"},
|
{:gettext, "~> 0.15"},
|
||||||
{:comeonin, "~> 4.1.1"},
|
{:pbkdf2_elixir, "~> 1.0"},
|
||||||
{:pbkdf2_elixir, "~> 0.12.3"},
|
|
||||||
{:trailing_format_plug, "~> 0.0.7"},
|
{:trailing_format_plug, "~> 0.0.7"},
|
||||||
{:fast_sanitize, "~> 0.1"},
|
{:fast_sanitize, "~> 0.1"},
|
||||||
{:html_entities, "~> 0.5", override: true},
|
{:html_entities, "~> 0.5", override: true},
|
||||||
|
|
4
mix.lock
4
mix.lock
|
@ -13,7 +13,7 @@
|
||||||
"castore": {:hex, :castore, "0.1.5", "591c763a637af2cc468a72f006878584bc6c306f8d111ef8ba1d4c10e0684010", [:mix], [], "hexpm", "6db356b2bc6cc22561e051ff545c20ad064af57647e436650aa24d7d06cd941a"},
|
"castore": {:hex, :castore, "0.1.5", "591c763a637af2cc468a72f006878584bc6c306f8d111ef8ba1d4c10e0684010", [:mix], [], "hexpm", "6db356b2bc6cc22561e051ff545c20ad064af57647e436650aa24d7d06cd941a"},
|
||||||
"certifi": {:hex, :certifi, "2.5.1", "867ce347f7c7d78563450a18a6a28a8090331e77fa02380b4a21962a65d36ee5", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm", "805abd97539caf89ec6d4732c91e62ba9da0cda51ac462380bbd28ee697a8c42"},
|
"certifi": {:hex, :certifi, "2.5.1", "867ce347f7c7d78563450a18a6a28a8090331e77fa02380b4a21962a65d36ee5", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm", "805abd97539caf89ec6d4732c91e62ba9da0cda51ac462380bbd28ee697a8c42"},
|
||||||
"combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm", "1b1dbc1790073076580d0d1d64e42eae2366583e7aecd455d1215b0d16f2451b"},
|
"combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm", "1b1dbc1790073076580d0d1d64e42eae2366583e7aecd455d1215b0d16f2451b"},
|
||||||
"comeonin": {:hex, :comeonin, "4.1.2", "3eb5620fd8e35508991664b4c2b04dd41e52f1620b36957be837c1d7784b7592", [:mix], [{:argon2_elixir, "~> 1.2", [hex: :argon2_elixir, repo: "hexpm", optional: true]}, {:bcrypt_elixir, "~> 0.12.1 or ~> 1.0", [hex: :bcrypt_elixir, repo: "hexpm", optional: true]}, {:pbkdf2_elixir, "~> 0.12", [hex: :pbkdf2_elixir, repo: "hexpm", optional: true]}], "hexpm", "d8700a0ca4dbb616c22c9b3f6dd539d88deaafec3efe66869d6370c9a559b3e9"},
|
"comeonin": {:hex, :comeonin, "5.3.1", "7fe612b739c78c9c1a75186ef2d322ce4d25032d119823269d0aa1e2f1e20025", [:mix], [], "hexpm", "d6222483060c17f0977fad1b7401ef0c5863c985a64352755f366aee3799c245"},
|
||||||
"connection": {:hex, :connection, "1.0.4", "a1cae72211f0eef17705aaededacac3eb30e6625b04a6117c1b2db6ace7d5976", [:mix], [], "hexpm", "4a0850c9be22a43af9920a71ab17c051f5f7d45c209e40269a1938832510e4d9"},
|
"connection": {:hex, :connection, "1.0.4", "a1cae72211f0eef17705aaededacac3eb30e6625b04a6117c1b2db6ace7d5976", [:mix], [], "hexpm", "4a0850c9be22a43af9920a71ab17c051f5f7d45c209e40269a1938832510e4d9"},
|
||||||
"cors_plug": {:hex, :cors_plug, "1.5.2", "72df63c87e4f94112f458ce9d25800900cc88608c1078f0e4faddf20933eda6e", [:mix], [{:plug, "~> 1.3 or ~> 1.4 or ~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "9af027d20dc12dd0c4345a6b87247e0c62965871feea0bfecf9764648b02cc69"},
|
"cors_plug": {:hex, :cors_plug, "1.5.2", "72df63c87e4f94112f458ce9d25800900cc88608c1078f0e4faddf20933eda6e", [:mix], [{:plug, "~> 1.3 or ~> 1.4 or ~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "9af027d20dc12dd0c4345a6b87247e0c62965871feea0bfecf9764648b02cc69"},
|
||||||
"cowboy": {:hex, :cowboy, "2.7.0", "91ed100138a764355f43316b1d23d7ff6bdb0de4ea618cb5d8677c93a7a2f115", [:rebar3], [{:cowlib, "~> 2.8.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.7.1", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "04fd8c6a39edc6aaa9c26123009200fc61f92a3a94f3178c527b70b767c6e605"},
|
"cowboy": {:hex, :cowboy, "2.7.0", "91ed100138a764355f43316b1d23d7ff6bdb0de4ea618cb5d8677c93a7a2f115", [:rebar3], [{:cowlib, "~> 2.8.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.7.1", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "04fd8c6a39edc6aaa9c26123009200fc61f92a3a94f3178c527b70b767c6e605"},
|
||||||
|
@ -76,7 +76,7 @@
|
||||||
"oban": {:hex, :oban, "1.2.0", "7cca94d341be43d220571e28f69131c4afc21095b25257397f50973d3fc59b07", [:mix], [{:ecto_sql, "~> 3.1", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.14", [hex: :postgrex, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ba5f8b3f7d76967b3e23cf8014f6a13e4ccb33431e4808f036709a7f822362ee"},
|
"oban": {:hex, :oban, "1.2.0", "7cca94d341be43d220571e28f69131c4afc21095b25257397f50973d3fc59b07", [:mix], [{:ecto_sql, "~> 3.1", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.14", [hex: :postgrex, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ba5f8b3f7d76967b3e23cf8014f6a13e4ccb33431e4808f036709a7f822362ee"},
|
||||||
"open_api_spex": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/open_api_spex.git", "b862ebd78de0df95875cf46feb6e9607130dc2a8", [ref: "b862ebd78de0df95875cf46feb6e9607130dc2a8"]},
|
"open_api_spex": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/open_api_spex.git", "b862ebd78de0df95875cf46feb6e9607130dc2a8", [ref: "b862ebd78de0df95875cf46feb6e9607130dc2a8"]},
|
||||||
"parse_trans": {:hex, :parse_trans, "3.3.0", "09765507a3c7590a784615cfd421d101aec25098d50b89d7aa1d66646bc571c1", [:rebar3], [], "hexpm", "17ef63abde837ad30680ea7f857dd9e7ced9476cdd7b0394432af4bfc241b960"},
|
"parse_trans": {:hex, :parse_trans, "3.3.0", "09765507a3c7590a784615cfd421d101aec25098d50b89d7aa1d66646bc571c1", [:rebar3], [], "hexpm", "17ef63abde837ad30680ea7f857dd9e7ced9476cdd7b0394432af4bfc241b960"},
|
||||||
"pbkdf2_elixir": {:hex, :pbkdf2_elixir, "0.12.4", "8dd29ed783f2e12195d7e0a4640effc0a7c37e6537da491f1db01839eee6d053", [:mix], [], "hexpm", "595d09db74cb093b1903381c9de423276a931a2480a46a1a5dc7f932a2a6375b"},
|
"pbkdf2_elixir": {:hex, :pbkdf2_elixir, "1.2.1", "9cbe354b58121075bd20eb83076900a3832324b7dd171a6895fab57b6bb2752c", [:mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}], "hexpm", "d3b40a4a4630f0b442f19eca891fcfeeee4c40871936fed2f68e1c4faa30481f"},
|
||||||
"phoenix": {:hex, :phoenix, "1.4.13", "67271ad69b51f3719354604f4a3f968f83aa61c19199343656c9caee057ff3b8", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 1.1", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:plug, "~> 1.8.1 or ~> 1.9", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 1.0 or ~> 2.0", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ab765a0feddb81fc62e2116c827b5f068df85159c162bee760745276ad7ddc1b"},
|
"phoenix": {:hex, :phoenix, "1.4.13", "67271ad69b51f3719354604f4a3f968f83aa61c19199343656c9caee057ff3b8", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 1.1", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:plug, "~> 1.8.1 or ~> 1.9", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 1.0 or ~> 2.0", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ab765a0feddb81fc62e2116c827b5f068df85159c162bee760745276ad7ddc1b"},
|
||||||
"phoenix_ecto": {:hex, :phoenix_ecto, "4.1.0", "a044d0756d0464c5a541b4a0bf4bcaf89bffcaf92468862408290682c73ae50d", [:mix], [{:ecto, "~> 3.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 2.9", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "c5e666a341ff104d0399d8f0e4ff094559b2fde13a5985d4cb5023b2c2ac558b"},
|
"phoenix_ecto": {:hex, :phoenix_ecto, "4.1.0", "a044d0756d0464c5a541b4a0bf4bcaf89bffcaf92468862408290682c73ae50d", [:mix], [{:ecto, "~> 3.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 2.9", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "c5e666a341ff104d0399d8f0e4ff094559b2fde13a5985d4cb5023b2c2ac558b"},
|
||||||
"phoenix_html": {:hex, :phoenix_html, "2.14.0", "d8c6bc28acc8e65f8ea0080ee05aa13d912c8758699283b8d3427b655aabe284", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "b0bb30eda478a06dbfbe96728061a93833db3861a49ccb516f839ecb08493fbb"},
|
"phoenix_html": {:hex, :phoenix_html, "2.14.0", "d8c6bc28acc8e65f8ea0080ee05aa13d912c8758699283b8d3427b655aabe284", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "b0bb30eda478a06dbfbe96728061a93833db3861a49ccb516f839ecb08493fbb"},
|
||||||
|
|
|
@ -6,7 +6,6 @@ defmodule Pleroma.MFATest do
|
||||||
use Pleroma.DataCase
|
use Pleroma.DataCase
|
||||||
|
|
||||||
import Pleroma.Factory
|
import Pleroma.Factory
|
||||||
alias Comeonin.Pbkdf2
|
|
||||||
alias Pleroma.MFA
|
alias Pleroma.MFA
|
||||||
|
|
||||||
describe "mfa_settings" do
|
describe "mfa_settings" do
|
||||||
|
@ -31,8 +30,8 @@ test "returns backup codes" do
|
||||||
{:ok, [code1, code2]} = MFA.generate_backup_codes(user)
|
{:ok, [code1, code2]} = MFA.generate_backup_codes(user)
|
||||||
updated_user = refresh_record(user)
|
updated_user = refresh_record(user)
|
||||||
[hash1, hash2] = updated_user.multi_factor_authentication_settings.backup_codes
|
[hash1, hash2] = updated_user.multi_factor_authentication_settings.backup_codes
|
||||||
assert Pbkdf2.checkpw(code1, hash1)
|
assert Pbkdf2.verify_pass(code1, hash1)
|
||||||
assert Pbkdf2.checkpw(code2, hash2)
|
assert Pbkdf2.verify_pass(code2, hash2)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do
|
||||||
user = %User{
|
user = %User{
|
||||||
id: 1,
|
id: 1,
|
||||||
name: "dude",
|
name: "dude",
|
||||||
password_hash: Comeonin.Pbkdf2.hashpwsalt("guy")
|
password_hash: Pbkdf2.hash_pwd_salt("guy")
|
||||||
}
|
}
|
||||||
|
|
||||||
conn =
|
conn =
|
||||||
|
|
|
@ -7,7 +7,7 @@ def build(data \\ %{}) do
|
||||||
email: "test@example.org",
|
email: "test@example.org",
|
||||||
name: "Test Name",
|
name: "Test Name",
|
||||||
nickname: "testname",
|
nickname: "testname",
|
||||||
password_hash: Comeonin.Pbkdf2.hashpwsalt("test"),
|
password_hash: Pbkdf2.hash_pwd_salt("test"),
|
||||||
bio: "A tester.",
|
bio: "A tester.",
|
||||||
ap_id: "some id",
|
ap_id: "some id",
|
||||||
last_digest_emailed_at: NaiveDateTime.truncate(NaiveDateTime.utc_now(), :second),
|
last_digest_emailed_at: NaiveDateTime.truncate(NaiveDateTime.utc_now(), :second),
|
||||||
|
|
|
@ -29,7 +29,7 @@ def user_factory do
|
||||||
name: sequence(:name, &"Test テスト User #{&1}"),
|
name: sequence(:name, &"Test テスト User #{&1}"),
|
||||||
email: sequence(:email, &"user#{&1}@example.com"),
|
email: sequence(:email, &"user#{&1}@example.com"),
|
||||||
nickname: sequence(:nickname, &"nick#{&1}"),
|
nickname: sequence(:nickname, &"nick#{&1}"),
|
||||||
password_hash: Comeonin.Pbkdf2.hashpwsalt("test"),
|
password_hash: Pbkdf2.hash_pwd_salt("test"),
|
||||||
bio: sequence(:bio, &"Tester Number #{&1}"),
|
bio: sequence(:bio, &"Tester Number #{&1}"),
|
||||||
last_digest_emailed_at: NaiveDateTime.utc_now(),
|
last_digest_emailed_at: NaiveDateTime.utc_now(),
|
||||||
last_refreshed_at: NaiveDateTime.utc_now(),
|
last_refreshed_at: NaiveDateTime.utc_now(),
|
||||||
|
|
|
@ -11,7 +11,7 @@ test "with HTTP Basic Auth used, grants access to OAuth scope-restricted endpoin
|
||||||
conn: conn
|
conn: conn
|
||||||
} do
|
} do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
assert Comeonin.Pbkdf2.checkpw("test", user.password_hash)
|
assert Pbkdf2.verify_pass("test", user.password_hash)
|
||||||
|
|
||||||
basic_auth_contents =
|
basic_auth_contents =
|
||||||
(URI.encode_www_form(user.nickname) <> ":" <> URI.encode_www_form("test"))
|
(URI.encode_www_form(user.nickname) <> ":" <> URI.encode_www_form("test"))
|
||||||
|
|
|
@ -11,7 +11,7 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticatorTest do
|
||||||
setup do
|
setup do
|
||||||
password = "testpassword"
|
password = "testpassword"
|
||||||
name = "AgentSmith"
|
name = "AgentSmith"
|
||||||
user = insert(:user, nickname: name, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
|
user = insert(:user, nickname: name, password_hash: Pbkdf2.hash_pwd_salt(password))
|
||||||
{:ok, [user: user, name: name, password: password]}
|
{:ok, [user: user, name: name, password: password]}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -34,7 +34,7 @@ test "checks backup codes" do
|
||||||
|
|
||||||
hashed_codes =
|
hashed_codes =
|
||||||
backup_codes
|
backup_codes
|
||||||
|> Enum.map(&Comeonin.Pbkdf2.hashpwsalt(&1))
|
|> Enum.map(&Pbkdf2.hash_pwd_salt(&1))
|
||||||
|
|
||||||
user =
|
user =
|
||||||
insert(:user,
|
insert(:user,
|
||||||
|
|
|
@ -41,13 +41,13 @@ test "/user_exists", %{conn: conn} do
|
||||||
end
|
end
|
||||||
|
|
||||||
test "/check_password", %{conn: conn} do
|
test "/check_password", %{conn: conn} do
|
||||||
user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt("cool"))
|
user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt("cool"))
|
||||||
|
|
||||||
_deactivated_user =
|
_deactivated_user =
|
||||||
insert(:user,
|
insert(:user,
|
||||||
nickname: "konata",
|
nickname: "konata",
|
||||||
deactivated: true,
|
deactivated: true,
|
||||||
password_hash: Comeonin.Pbkdf2.hashpwsalt("cool")
|
password_hash: Pbkdf2.hash_pwd_salt("cool")
|
||||||
)
|
)
|
||||||
|
|
||||||
res =
|
res =
|
||||||
|
|
|
@ -19,7 +19,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
|
||||||
@tag @skip
|
@tag @skip
|
||||||
test "authorizes the existing user using LDAP credentials" do
|
test "authorizes the existing user using LDAP credentials" do
|
||||||
password = "testpassword"
|
password = "testpassword"
|
||||||
user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
|
user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
|
||||||
app = insert(:oauth_app, scopes: ["read", "write"])
|
app = insert(:oauth_app, scopes: ["read", "write"])
|
||||||
|
|
||||||
host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
|
host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
|
||||||
|
@ -104,7 +104,7 @@ test "creates a new user after successful LDAP authorization" do
|
||||||
@tag @skip
|
@tag @skip
|
||||||
test "falls back to the default authorization when LDAP is unavailable" do
|
test "falls back to the default authorization when LDAP is unavailable" do
|
||||||
password = "testpassword"
|
password = "testpassword"
|
||||||
user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
|
user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
|
||||||
app = insert(:oauth_app, scopes: ["read", "write"])
|
app = insert(:oauth_app, scopes: ["read", "write"])
|
||||||
|
|
||||||
host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
|
host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
|
||||||
|
@ -148,7 +148,7 @@ test "falls back to the default authorization when LDAP is unavailable" do
|
||||||
@tag @skip
|
@tag @skip
|
||||||
test "disallow authorization for wrong LDAP credentials" do
|
test "disallow authorization for wrong LDAP credentials" do
|
||||||
password = "testpassword"
|
password = "testpassword"
|
||||||
user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
|
user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
|
||||||
app = insert(:oauth_app, scopes: ["read", "write"])
|
app = insert(:oauth_app, scopes: ["read", "write"])
|
||||||
|
|
||||||
host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
|
host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
|
||||||
|
|
|
@ -20,7 +20,7 @@ defmodule Pleroma.Web.OAuth.MFAControllerTest do
|
||||||
insert(:user,
|
insert(:user,
|
||||||
multi_factor_authentication_settings: %MFA.Settings{
|
multi_factor_authentication_settings: %MFA.Settings{
|
||||||
enabled: true,
|
enabled: true,
|
||||||
backup_codes: [Comeonin.Pbkdf2.hashpwsalt("test-code")],
|
backup_codes: [Pbkdf2.hash_pwd_salt("test-code")],
|
||||||
totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
|
totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
@ -247,7 +247,7 @@ test "returns access token with valid code", %{conn: conn, app: app} do
|
||||||
|
|
||||||
hashed_codes =
|
hashed_codes =
|
||||||
backup_codes
|
backup_codes
|
||||||
|> Enum.map(&Comeonin.Pbkdf2.hashpwsalt(&1))
|
|> Enum.map(&Pbkdf2.hash_pwd_salt(&1))
|
||||||
|
|
||||||
user =
|
user =
|
||||||
insert(:user,
|
insert(:user,
|
||||||
|
|
|
@ -311,7 +311,7 @@ test "with valid params, POST /oauth/register?op=connect redirects to `redirect_
|
||||||
app: app,
|
app: app,
|
||||||
conn: conn
|
conn: conn
|
||||||
} do
|
} do
|
||||||
user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt("testpassword"))
|
user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt("testpassword"))
|
||||||
registration = insert(:registration, user: nil)
|
registration = insert(:registration, user: nil)
|
||||||
redirect_uri = OAuthController.default_redirect_uri(app)
|
redirect_uri = OAuthController.default_redirect_uri(app)
|
||||||
|
|
||||||
|
@ -342,7 +342,7 @@ test "with unlisted `redirect_uri`, POST /oauth/register?op=connect results in H
|
||||||
app: app,
|
app: app,
|
||||||
conn: conn
|
conn: conn
|
||||||
} do
|
} do
|
||||||
user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt("testpassword"))
|
user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt("testpassword"))
|
||||||
registration = insert(:registration, user: nil)
|
registration = insert(:registration, user: nil)
|
||||||
unlisted_redirect_uri = "http://cross-site-request.com"
|
unlisted_redirect_uri = "http://cross-site-request.com"
|
||||||
|
|
||||||
|
@ -750,7 +750,7 @@ test "issues a token for an all-body request" do
|
||||||
|
|
||||||
test "issues a token for `password` grant_type with valid credentials, with full permissions by default" do
|
test "issues a token for `password` grant_type with valid credentials, with full permissions by default" do
|
||||||
password = "testpassword"
|
password = "testpassword"
|
||||||
user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
|
user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
|
||||||
|
|
||||||
app = insert(:oauth_app, scopes: ["read", "write"])
|
app = insert(:oauth_app, scopes: ["read", "write"])
|
||||||
|
|
||||||
|
@ -778,7 +778,7 @@ test "issues a mfa token for `password` grant_type, when MFA enabled" do
|
||||||
|
|
||||||
user =
|
user =
|
||||||
insert(:user,
|
insert(:user,
|
||||||
password_hash: Comeonin.Pbkdf2.hashpwsalt(password),
|
password_hash: Pbkdf2.hash_pwd_salt(password),
|
||||||
multi_factor_authentication_settings: %MFA.Settings{
|
multi_factor_authentication_settings: %MFA.Settings{
|
||||||
enabled: true,
|
enabled: true,
|
||||||
totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
|
totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
|
||||||
|
@ -887,7 +887,7 @@ test "rejects token exchange for valid credentials belonging to unconfirmed user
|
||||||
password = "testpassword"
|
password = "testpassword"
|
||||||
|
|
||||||
{:ok, user} =
|
{:ok, user} =
|
||||||
insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
|
insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
|
||||||
|> User.confirmation_changeset(need_confirmation: true)
|
|> User.confirmation_changeset(need_confirmation: true)
|
||||||
|> User.update_and_set_cache()
|
|> User.update_and_set_cache()
|
||||||
|
|
||||||
|
@ -915,7 +915,7 @@ test "rejects token exchange for valid credentials belonging to deactivated user
|
||||||
|
|
||||||
user =
|
user =
|
||||||
insert(:user,
|
insert(:user,
|
||||||
password_hash: Comeonin.Pbkdf2.hashpwsalt(password),
|
password_hash: Pbkdf2.hash_pwd_salt(password),
|
||||||
deactivated: true
|
deactivated: true
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -943,7 +943,7 @@ test "rejects token exchange for user with password_reset_pending set to true" d
|
||||||
|
|
||||||
user =
|
user =
|
||||||
insert(:user,
|
insert(:user,
|
||||||
password_hash: Comeonin.Pbkdf2.hashpwsalt(password),
|
password_hash: Pbkdf2.hash_pwd_salt(password),
|
||||||
password_reset_pending: true
|
password_reset_pending: true
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -972,7 +972,7 @@ test "rejects token exchange for user with confirmation_pending set to true" do
|
||||||
|
|
||||||
user =
|
user =
|
||||||
insert(:user,
|
insert(:user,
|
||||||
password_hash: Comeonin.Pbkdf2.hashpwsalt(password),
|
password_hash: Pbkdf2.hash_pwd_salt(password),
|
||||||
confirmation_pending: true
|
confirmation_pending: true
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -54,7 +54,7 @@ test "it returns HTTP 200", %{conn: conn} do
|
||||||
assert response =~ "<h2>Password changed!</h2>"
|
assert response =~ "<h2>Password changed!</h2>"
|
||||||
|
|
||||||
user = refresh_record(user)
|
user = refresh_record(user)
|
||||||
assert Comeonin.Pbkdf2.checkpw("test", user.password_hash)
|
assert Pbkdf2.verify_pass("test", user.password_hash)
|
||||||
assert Enum.empty?(Token.get_user_tokens(user))
|
assert Enum.empty?(Token.get_user_tokens(user))
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -688,7 +688,7 @@ test "with proper permissions, valid password and matching new password and conf
|
||||||
|
|
||||||
assert json_response(conn, 200) == %{"status" => "success"}
|
assert json_response(conn, 200) == %{"status" => "success"}
|
||||||
fetched_user = User.get_cached_by_id(user.id)
|
fetched_user = User.get_cached_by_id(user.id)
|
||||||
assert Comeonin.Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
|
assert Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue