forked from YokaiRick/akkoma
Password: Add password module
Replaces Pbkdf2.
This commit is contained in:
parent
f917285b72
commit
c7cd9bd591
3 changed files with 91 additions and 1 deletions
|
@ -53,7 +53,7 @@
|
|||
config :pleroma, :dangerzone, override_repo_pool_size: true
|
||||
|
||||
# Reduce hash rounds for testing
|
||||
config :pbkdf2_elixir, rounds: 1
|
||||
config :pleroma, :password, iterations: 1
|
||||
|
||||
config :tesla, adapter: Tesla.Mock
|
||||
|
||||
|
|
55
lib/pleroma/password.ex
Normal file
55
lib/pleroma/password.ex
Normal file
|
@ -0,0 +1,55 @@
|
|||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Password do
|
||||
@moduledoc """
|
||||
This module implements Pleroma.Password passwords in terms of Plug.Crypto.
|
||||
"""
|
||||
|
||||
alias Plug.Crypto.KeyGenerator
|
||||
|
||||
def decode64(str) do
|
||||
str
|
||||
|> String.replace(".", "+")
|
||||
|> Base.decode64!(padding: false)
|
||||
end
|
||||
|
||||
def encode64(bin) do
|
||||
bin
|
||||
|> Base.encode64(padding: false)
|
||||
|> String.replace("+", ".")
|
||||
end
|
||||
|
||||
def verify_pass(password, hash) do
|
||||
["pbkdf2-" <> digest, iterations, salt, hash] = String.split(hash, "$", trim: true)
|
||||
|
||||
salt = decode64(salt)
|
||||
|
||||
iterations = String.to_integer(iterations)
|
||||
|
||||
digest = String.to_atom(digest)
|
||||
|
||||
binary_hash =
|
||||
KeyGenerator.generate(password, salt, digest: digest, iterations: iterations, length: 64)
|
||||
|
||||
encode64(binary_hash) == hash
|
||||
end
|
||||
|
||||
def hash_pwd_salt(password, opts \\ []) do
|
||||
salt =
|
||||
Keyword.get_lazy(opts, :salt, fn ->
|
||||
:crypto.strong_rand_bytes(16)
|
||||
end)
|
||||
|
||||
digest = Keyword.get(opts, :digest, :sha512)
|
||||
|
||||
iterations =
|
||||
Keyword.get(opts, :iterations, Pleroma.Config.get([:password, :iterations], 160_000))
|
||||
|
||||
binary_hash =
|
||||
KeyGenerator.generate(password, salt, digest: digest, iterations: iterations, length: 64)
|
||||
|
||||
"$pbkdf2-#{digest}$#{iterations}$#{encode64(salt)}$#{encode64(binary_hash)}"
|
||||
end
|
||||
end
|
35
test/pleroma/password_test.exs
Normal file
35
test/pleroma/password_test.exs
Normal file
|
@ -0,0 +1,35 @@
|
|||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.PasswordTest do
|
||||
use Pleroma.DataCase, async: true
|
||||
|
||||
alias Pleroma.Password
|
||||
|
||||
test "it generates the same hash as pbkd2_elixir" do
|
||||
# hash = Pleroma.Password.hash_pwd_salt("password")
|
||||
hash =
|
||||
"$pbkdf2-sha512$1$QJpEYw8iBKcnY.4Rm0eCVw$UBPeWQ91RxSv3snxsb/ZzMeG/2aa03c541bbo8vQudREGNta5t8jBQrd00fyJp8RjaqfvgdZxy2rhSwljyu21g"
|
||||
|
||||
# Use the same randomly generated salt
|
||||
salt = Password.decode64("QJpEYw8iBKcnY.4Rm0eCVw")
|
||||
|
||||
assert hash == Password.hash_pwd_salt("password", salt: salt)
|
||||
end
|
||||
|
||||
@tag skip: "Works when Pbkd2 is present. Source: trust me bro"
|
||||
test "Pleroma.Password can verify passwords generated with it" do
|
||||
hash = Password.hash_pwd_salt("password")
|
||||
|
||||
assert Pleroma.Password.verify_pass("password", hash)
|
||||
end
|
||||
|
||||
test "it verifies pbkdf2_elixir hashes" do
|
||||
# hash = Pleroma.Password.hash_pwd_salt("password")
|
||||
hash =
|
||||
"$pbkdf2-sha512$1$QJpEYw8iBKcnY.4Rm0eCVw$UBPeWQ91RxSv3snxsb/ZzMeG/2aa03c541bbo8vQudREGNta5t8jBQrd00fyJp8RjaqfvgdZxy2rhSwljyu21g"
|
||||
|
||||
assert Password.verify_pass("password", hash)
|
||||
end
|
||||
end
|
Loading…
Reference in a new issue