Pbkdf2.verify_pass --> AuthenticationPlug.checkpw

This commit is contained in:
Alex Gleason 2020-05-14 08:42:27 -05:00
parent 9cbf17d59f
commit 5b0f27d23d
No known key found for this signature in database
GPG key ID: 7211D1F99744FBB7
4 changed files with 7 additions and 4 deletions

View file

@ -4,6 +4,7 @@
defmodule Pleroma.BBS.Authenticator do defmodule Pleroma.BBS.Authenticator do
use Sshd.PasswordAuthenticator use Sshd.PasswordAuthenticator
alias Pleroma.Plugs.AuthenticationPlug
alias Pleroma.User alias Pleroma.User
def authenticate(username, password) do def authenticate(username, password) do
@ -11,7 +12,7 @@ def authenticate(username, password) do
password = to_string(password) password = to_string(password)
with %User{} = user <- User.get_by_nickname(username) do with %User{} = user <- User.get_by_nickname(username) do
Pbkdf2.verify_pass(password, user.password_hash) AuthenticationPlug.checkpw(password, user.password_hash)
else else
_e -> false _e -> false
end end

View file

@ -41,7 +41,7 @@ def call(
} = conn, } = conn,
_ _
) do ) do
if Pbkdf2.verify_pass(password, password_hash) do if checkpw(password, password_hash) do
conn conn
|> assign(:user, auth_user) |> assign(:user, auth_user)
|> OAuthScopesPlug.skip_plug() |> OAuthScopesPlug.skip_plug()

View file

@ -5,6 +5,7 @@
defmodule Pleroma.Web.Auth.TOTPAuthenticator do defmodule Pleroma.Web.Auth.TOTPAuthenticator do
alias Pleroma.MFA alias Pleroma.MFA
alias Pleroma.MFA.TOTP alias Pleroma.MFA.TOTP
alias Pleroma.Plugs.AuthenticationPlug
alias Pleroma.User alias Pleroma.User
@doc "Verify code or check backup code." @doc "Verify code or check backup code."
@ -30,7 +31,7 @@ def verify_recovery_code(
code code
) )
when is_list(codes) and is_binary(code) do when is_list(codes) and is_binary(code) do
hash_code = Enum.find(codes, fn hash -> Pbkdf2.verify_pass(code, hash) end) hash_code = Enum.find(codes, fn hash -> AuthenticationPlug.checkpw(code, hash) end)
if hash_code do if hash_code do
MFA.invalidate_backup_code(user, hash_code) MFA.invalidate_backup_code(user, hash_code)

View file

@ -5,6 +5,7 @@
defmodule Pleroma.Web.MongooseIM.MongooseIMController do defmodule Pleroma.Web.MongooseIM.MongooseIMController do
use Pleroma.Web, :controller use Pleroma.Web, :controller
alias Pleroma.Plugs.AuthenticationPlug
alias Pleroma.Plugs.RateLimiter alias Pleroma.Plugs.RateLimiter
alias Pleroma.Repo alias Pleroma.Repo
alias Pleroma.User alias Pleroma.User
@ -27,7 +28,7 @@ def user_exists(conn, %{"user" => username}) do
def check_password(conn, %{"user" => username, "pass" => password}) do def check_password(conn, %{"user" => username, "pass" => password}) do
with %User{password_hash: password_hash, deactivated: false} <- with %User{password_hash: password_hash, deactivated: false} <-
Repo.get_by(User, nickname: username, local: true), Repo.get_by(User, nickname: username, local: true),
true <- Pbkdf2.verify_pass(password, password_hash) do true <- AuthenticationPlug.checkpw(password, password_hash) do
conn conn
|> json(true) |> json(true)
else else