From 0702a0edca47bef27e8beeac0aad5f7a5da4f14c Mon Sep 17 00:00:00 2001
From: Derf Null
Date: Mon, 26 Jun 2023 19:40:29 +0200
Subject: Move hash_password to Model/Users

---
 lib/Travelynx/Command/account.pm | 26 ++++++++------------------
 lib/Travelynx/Controller/Account.pm | 34 +++++++++++-----------------------
 lib/Travelynx/Model/Users.pm | 15 ++++++++++++---
 t/22-visibility.t | 33 ++++++++++++--------------------
 4 files changed, 43 insertions(+), 65 deletions(-)

diff --git a/lib/Travelynx/Command/account.pm b/lib/Travelynx/Command/account.pm
index 6f8ea93..e6cfa5c 100644
--- a/lib/Travelynx/Command/account.pm
+++ b/lib/Travelynx/Command/account.pm
@@ -4,21 +4,12 @@ package Travelynx::Command::account;
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 use Mojo::Base 'Mojolicious::Command';
-use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
-use UUID::Tiny qw(:std);
+use UUID::Tiny qw(:std);
 has description => 'Add or remove user accounts';
 has usage => sub { shift->extract_usage };
-sub hash_password {
-my ($password) = @_;
-my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
-my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
-
-return bcrypt( $password, '$2a$12$' . $salt );
-}
-
 sub add_user {
 my ( $self, $name, $email ) = @_;
@@ -29,17 +20,16 @@ sub add_user {
 die;
 }
- my $token = "tmp";
- my $password = substr( create_uuid_as_string(UUID_V4), 0, 18 );
- my $password_hash = hash_password($password);
+ my $token = "tmp";
+ my $password = substr( create_uuid_as_string(UUID_V4), 0, 18 );
 my $tx = $db->begin;
 my $user_id = $self->app->users->add(
- db => $db,
- name => $name,
- email => $email,
- token => $token,
- password_hash => $password_hash,
+ db => $db,
+ name => $name,
+ email => $email,
+ token => $token,
+ password => $password,
 );
 my $success = $self->app->users->verify_registration_token(
 db => $db,
diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm
index f0f2119..f7bfa06 100644
--- a/lib/Travelynx/Controller/Account.pm
+++ b/lib/Travelynx/Controller/Account.pm
@@ -5,7 +5,6 @@ package Travelynx::Controller::Account;
 # SPDX-License-Identifier: AGPL-3.0-or-later
 use Mojo::Base 'Mojolicious::Controller';
-use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
 use JSON;
 use Mojo::Util qw(xml_escape);
 use Text::Markdown;
@@ -29,14 +28,6 @@ my %visibility_atoi = (
 # Internal Helpers
-sub hash_password {
-my ($password) = @_;
-my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
-my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
-
-return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
-}
-
 sub make_token {
 return create_uuid_as_string(UUID_V4);
 }
@@ -363,15 +354,14 @@ sub register {
 }
 my $token = make_token();
- my $pw_hash = hash_password($password);
 my $db = $self->pg->db;
 my $tx = $db->begin;
 my $user_id = $self->users->add(
- db => $db,
- name => $user,
- email => $email,
- token => $token,
- password_hash => $pw_hash
+ db => $db,
+ name => $user,
+ email => $email,
+ token => $token,
+ password => $password,
 );
 my $success = $self->send_registration_mail(
@@ -1074,10 +1064,9 @@ sub change_password {
 return;
 }
- my $pw_hash = hash_password($password);
- $self->users->set_password_hash(
- uid => $self->current_user->{id},
- password_hash => $pw_hash
+ $self->users->set_password(
+ uid => $self->current_user->{id},
+ password => $password
 );
 $self->flash( success => 'password' );
@@ -1178,10 +1167,9 @@ sub request_password_reset {
 return;
 }
- my $pw_hash = hash_password($password);
- $self->users->set_password_hash(
- uid => $id,
- password_hash => $pw_hash
+ $self->users->set_password(
+ uid => $id,
+ password => $password
 );
 my $account = $self->get_user_data($id);
diff --git a/lib/Travelynx/Model/Users.pm b/lib/Travelynx/Model/Users.pm
index e465ee1..7b95efd 100644
--- a/lib/Travelynx/Model/Users.pm
+++ b/lib/Travelynx/Model/Users.pm
@@ -8,6 +8,7 @@ use strict;
 use warnings;
 use 5.020;
+use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
 use DateTime;
 use JSON;
@@ -61,6 +62,14 @@ sub new {
 return bless( \%opt, $class );
 }
+sub hash_password {
+my ( $self, $password ) = @_;
+my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
+my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
+
+return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
+}
+
 sub get_token_id {
 my ( $self, $type ) = @_;
@@ -471,7 +480,7 @@ sub add {
 my $user_name = $opt{name};
 my $email = $opt{email};
 my $token = $opt{token};
- my $password = $opt{password_hash};
+ my $password = $self->hash_password( $opt{password} );
 # This helper must be called during a transaction, as user creation
 # may fail even after the database entry has been generated, e.g. if
@@ -577,11 +586,11 @@ sub delete {
 return \%res;
 }
-sub set_password_hash {
+sub set_password {
 my ( $self, %opt ) = @_;
 my $db = $opt{db} // $self->{pg}->db;
 my $uid = $opt{uid};
- my $password = $opt{password_hash};
+ my $password = $self->hash_password( $opt{password} );
 $db->update( 'users', { password => $password }, { id => $uid } );
 }
diff --git a/t/22-visibility.t b/t/22-visibility.t
index 6e3fd38..6e827c5 100644
--- a/t/22-visibility.t
+++ b/t/22-visibility.t
@@ -11,7 +11,6 @@ use Mojo::Base -strict;
 use Test::More;
 use Test::Mojo;
-use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
 use DateTime;
 use Travel::Status::DE::IRIS::Result;
@@ -41,14 +40,6 @@ $t->app->start( 'database', 'migrate' );
 my $u = $t->app->users;
-sub hash_password {
-my ($password) = @_;
-my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
-my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
-
-return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
-}
-
 sub login {
 my %opt = @_;
 my $csrf_token
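Review bot: The salt in the new hash_password is drawn from Perl's `rand`, a general-purpose PRNG that perlfunc documents as unsuitable for security purposes; bcrypt mainly needs salts to be unique, so this is a weakness rather than a break, but now that this is the single hashing routine for every account it is worth sourcing the 16 bytes from a CSPRNG (e.g. /dev/urandom, or Crypt::URandom if the project accepts that dependency). `int( rand(255) ) + 1` also never yields a 0 byte, so each salt byte has 255 rather than 256 possible values. The `substr( $password, 0, 10000 )` cap, which the removed Command copy did not apply, deserves a why-comment since bcrypt itself only uses the first 72 bytes of its input; above the return I would add `# bcrypt uses only the first 72 bytes; the cap just bounds work on oversized input`.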
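Review bot: `add` now hashes whatever `$opt{password}` holds without checking it, so a caller that omits the key (or still passes the old `password_hash`) gets `substr(undef, 0, 10000)`, i.e. an empty string under a warning, and as far as I can tell bcrypt then returns a valid hash of "" rather than failing, leaving the new account with the empty password as a working credential. Since the key rename only fails old callers through this silent path, the plaintext should be validated before hashing, e.g. `die 'password is required' unless defined $opt{password} and length $opt{password};` ahead of the hash_password call (or inside hash_password itself). The same applies to `set_password` in the next hunk, where an omitted password would overwrite the stored hash with one for the empty string. `add` continues past the end of this hunk.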
@@ -202,24 +193,24 @@ sub test_visibility {
 }
 my $uid1 = $u->add(
- name => 'test1',
- email => 'test1@example.org',
- token => 'abcd',
- password_hash => hash_password('password1'),
+ name => 'test1',
+ email => 'test1@example.org',
+ token => 'abcd',
+ password => 'password1',
 );
 my $uid2 = $u->add(
- name => 'test2',
- email => 'test2@example.org',
- token => 'efgh',
- password_hash => hash_password('password2'),
+ name => 'test2',
+ email => 'test2@example.org',
+ token => 'efgh',
+ password => 'password2',
 );
 my $uid3 = $u->add(
- name => 'test3',
- email => 'test3@example.org',
- token => 'ijkl',
- password_hash => hash_password('password3'),
+ name => 'test3',
+ email => 'test3@example.org',
+ token => 'ijkl',
+ password => 'password3',
 );
 $u->verify_registration_token(
-- cgit v1.2.3