Move hash_password to Model/Users

This commit is contained in:
Derf Null 2023-06-26 19:40:29 +02:00
parent 9b54276e8c
commit 0702a0edca
No known key found for this signature in database
GPG key ID: 19E6E524EBB177BA
4 changed files with 43 additions and 65 deletions


@ -4,21 +4,12 @@ package Travelynx::Command::account;
#
# SPDX-License-Identifier: AGPL-3.0-or-later
use Mojo::Base 'Mojolicious::Command';
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
use UUID::Tiny qw(:std);
use UUID::Tiny qw(:std);
has description => 'Add or remove user accounts';
has usage => sub { shift->extract_usage };
sub hash_password {
my ($password) = @_;
my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
return bcrypt( $password, '$2a$12$' . $salt );
}
sub add_user {
my ( $self, $name, $email ) = @_;
@ -29,17 +20,16 @@ sub add_user {
die;
}
my $token = "tmp";
my $password = substr( create_uuid_as_string(UUID_V4), 0, 18 );
my $password_hash = hash_password($password);
my $token = "tmp";
my $password = substr( create_uuid_as_string(UUID_V4), 0, 18 );
my $tx = $db->begin;
my $user_id = $self->app->users->add(
db => $db,
name => $name,
email => $email,
token => $token,
password_hash => $password_hash,
db => $db,
name => $name,
email => $email,
token => $token,
password => $password,
);
my $success = $self->app->users->verify_registration_token(
db => $db,
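Review bot: The temporary password at `my $password = substr( create_uuid_as_string(UUID_V4), 0, 18 );` carries less entropy than its length suggests: the first 18 characters of a v4 UUID string include two hyphens and the fixed version nibble `4`, so only 15 hex digits (about 60 bits) are random, and as far as I recall UUID::Tiny's v4 generator is built on Perl's `rand` rather than a CSPRNG — worth confirming. The line is unchanged by this commit, but since the plaintext now goes straight into `$self->app->users->add`, this is the natural point to derive it from 12 bytes of `/dev/urandom` instead, e.g. `my $password = unpack( 'H*', $bytes );` after a length-checked `read`, which gives 24 hex characters (96 bits) with no new dependency. `$token = "tmp"` is consumed immediately by `verify_registration_token` below, so it appears to be a placeholder rather than a secret; a one-line comment saying so would save the next reader a question. `add_user` starts before and ends after this hunk.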


@ -5,7 +5,6 @@ package Travelynx::Controller::Account;
# SPDX-License-Identifier: AGPL-3.0-or-later
use Mojo::Base 'Mojolicious::Controller';
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
use JSON;
use Mojo::Util qw(xml_escape);
use Text::Markdown;
@ -29,14 +28,6 @@ my %visibility_atoi = (
# Internal Helpers
sub hash_password {
my ($password) = @_;
my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
}
sub make_token {
return create_uuid_as_string(UUID_V4);
}
@ -363,15 +354,14 @@ sub register {
}
my $token = make_token();
my $pw_hash = hash_password($password);
my $db = $self->pg->db;
my $tx = $db->begin;
my $user_id = $self->users->add(
db => $db,
name => $user,
email => $email,
token => $token,
password_hash => $pw_hash
db => $db,
name => $user,
email => $email,
token => $token,
password => $password,
);
my $success = $self->send_registration_mail(
@ -1074,10 +1064,9 @@ sub change_password {
return;
}
my $pw_hash = hash_password($password);
$self->users->set_password_hash(
uid => $self->current_user->{id},
password_hash => $pw_hash
$self->users->set_password(
uid => $self->current_user->{id},
password => $password
);
$self->flash( success => 'password' );
@ -1178,10 +1167,9 @@ sub request_password_reset {
return;
}
my $pw_hash = hash_password($password);
$self->users->set_password_hash(
uid => $id,
password_hash => $pw_hash
$self->users->set_password(
uid => $id,
password => $password
);
my $account = $self->get_user_data($id);


@ -8,6 +8,7 @@ use strict;
use warnings;
use 5.020;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
use DateTime;
use JSON;
@ -61,6 +62,14 @@ sub new {
return bless( \%opt, $class );
}
sub hash_password {
my ( $self, $password ) = @_;
my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
}
sub get_token_id {
my ( $self, $type ) = @_;
@ -471,7 +480,7 @@ sub add {
my $user_name = $opt{name};
my $email = $opt{email};
my $token = $opt{token};
my $password = $opt{password_hash};
my $password = $self->hash_password( $opt{password} );
# This helper must be called during a transaction, as user creation
# may fail even after the database entry has been generated, e.g. if
@ -577,11 +586,11 @@ sub delete {
return \%res;
}
sub set_password_hash {
sub set_password {
my ( $self, %opt ) = @_;
my $db = $opt{db} // $self->{pg}->db;
my $uid = $opt{uid};
my $password = $opt{password_hash};
my $password = $self->hash_password( $opt{password} );
$db->update( 'users', { password => $password }, { id => $uid } );
}


@ -11,7 +11,6 @@ use Mojo::Base -strict;
use Test::More;
use Test::Mojo;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
use DateTime;
use Travel::Status::DE::IRIS::Result;
@ -41,14 +40,6 @@ $t->app->start( 'database', 'migrate' );
my $u = $t->app->users;
sub hash_password {
my ($password) = @_;
my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
}
sub login {
my %opt = @_;
my $csrf_token
@ -202,24 +193,24 @@ sub test_visibility {
}
my $uid1 = $u->add(
name => 'test1',
email => 'test1@example.org',
token => 'abcd',
password_hash => hash_password('password1'),
name => 'test1',
email => 'test1@example.org',
token => 'abcd',
password => 'password1',
);
my $uid2 = $u->add(
name => 'test2',
email => 'test2@example.org',
token => 'efgh',
password_hash => hash_password('password2'),
name => 'test2',
email => 'test2@example.org',
token => 'efgh',
password => 'password2',
);
my $uid3 = $u->add(
name => 'test3',
email => 'test3@example.org',
token => 'ijkl',
password_hash => hash_password('password3'),
name => 'test3',
email => 'test3@example.org',
token => 'ijkl',
password => 'password3',
);
$u->verify_registration_token(
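Review bot: Nothing in this hunk checks that `$u->add` actually stored a bcrypt hash rather than the plaintext now passed as `password => 'password1'`; with hashing moved out of the test's view, a regression that wrote the raw value would only surface if a login test elsewhere in the file happens to cover it. A direct assertion is cheap, e.g. `like( $t->app->pg->db->select( 'users', ['password'], { id => $uid1 } )->hash->{password}, qr{\A\$2a\$12\$}, 'password stored as bcrypt hash' );` after the `verify_registration_token` calls — assuming the test app exposes the same `pg` accessor the controller uses via `$self->pg->db`. The `password` column of `users` is the one `set_password` writes in Model/Users. The `verify_registration_token` call on the last line continues outside the hunk.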