authorDerf Null <derf@finalrewind.org>2023-06-26 19:40:29 +0200
committerDerf Null <derf@finalrewind.org>2023-06-26 19:50:49 +0200
commit0702a0edca47bef27e8beeac0aad5f7a5da4f14c (patch)
tree9c3e85b59934c5039c962e0259f0ce8beab6e8e4
parent9b54276e8c3ddf4004207c1a92801b688541428c (diff)
Move hash_password to Model/Users
-rw-r--r--lib/Travelynx/Command/account.pm26
-rw-r--r--lib/Travelynx/Controller/Account.pm34
-rw-r--r--lib/Travelynx/Model/Users.pm15
-rw-r--r--t/22-visibility.t33
4 files changed, 43 insertions, 65 deletions
diff --git a/lib/Travelynx/Command/account.pm b/lib/Travelynx/Command/account.pm
index 6f8ea93..e6cfa5c 100644
--- a/lib/Travelynx/Command/account.pm
+++ b/lib/Travelynx/Command/account.pm
@@ -4,21 +4,12 @@ package Travelynx::Command::account;
#
# SPDX-License-Identifier: AGPL-3.0-or-later
use Mojo::Base 'Mojolicious::Command';
-use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
-use UUID::Tiny qw(:std);
+use UUID::Tiny qw(:std);
has description => 'Add or remove user accounts';
has usage => sub { shift->extract_usage };
-sub hash_password {
- my ($password) = @_;
- my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
- my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
-
- return bcrypt( $password, '$2a$12$' . $salt );
-}
-
sub add_user {
my ( $self, $name, $email ) = @_;
@@ -29,17 +20,16 @@ sub add_user {
die;
}
- my $token = "tmp";
- my $password = substr( create_uuid_as_string(UUID_V4), 0, 18 );
- my $password_hash = hash_password($password);
+ my $token = "tmp";
+ my $password = substr( create_uuid_as_string(UUID_V4), 0, 18 );
my $tx = $db->begin;
my $user_id = $self->app->users->add(
- db => $db,
- name => $name,
- email => $email,
- token => $token,
- password_hash => $password_hash,
+ db => $db,
+ name => $name,
+ email => $email,
+ token => $token,
+ password => $password,
);
my $success = $self->app->users->verify_registration_token(
db => $db,
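Review bot: The initial password on the `my $password = substr( create_uuid_as_string(UUID_V4), 0, 18 );` line carries less entropy than its length suggests. The first 18 characters of a v4 UUID string include two hyphens and the fixed version digit, which leaves 15 random hex digits (about 60 bits). As far as I know UUID::Tiny does not draw v4 UUIDs from a cryptographic random source, which should be confirmed. Consider generating the password from the operating system's CSPRNG, or at least record the limit with a comment such as `# NOTE: UUID prefix = 15 random hex digits, not CSPRNG-backed`. add_user starts and ends outside this hunk.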
diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm
index f0f2119..f7bfa06 100644
--- a/lib/Travelynx/Controller/Account.pm
+++ b/lib/Travelynx/Controller/Account.pm
@@ -5,7 +5,6 @@ package Travelynx::Controller::Account;
# SPDX-License-Identifier: AGPL-3.0-or-later
use Mojo::Base 'Mojolicious::Controller';
-use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
use JSON;
use Mojo::Util qw(xml_escape);
use Text::Markdown;
@@ -29,14 +28,6 @@ my %visibility_atoi = (
# Internal Helpers
-sub hash_password {
- my ($password) = @_;
- my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
- my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
-
- return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
-}
-
sub make_token {
return create_uuid_as_string(UUID_V4);
}
@@ -363,15 +354,14 @@ sub register {
}
my $token = make_token();
- my $pw_hash = hash_password($password);
my $db = $self->pg->db;
my $tx = $db->begin;
my $user_id = $self->users->add(
- db => $db,
- name => $user,
- email => $email,
- token => $token,
- password_hash => $pw_hash
+ db => $db,
+ name => $user,
+ email => $email,
+ token => $token,
+ password => $password,
);
my $success = $self->send_registration_mail(
@@ -1074,10 +1064,9 @@ sub change_password {
return;
}
- my $pw_hash = hash_password($password);
- $self->users->set_password_hash(
- uid => $self->current_user->{id},
- password_hash => $pw_hash
+ $self->users->set_password(
+ uid => $self->current_user->{id},
+ password => $password
);
$self->flash( success => 'password' );
@@ -1178,10 +1167,9 @@ sub request_password_reset {
return;
}
- my $pw_hash = hash_password($password);
- $self->users->set_password_hash(
- uid => $id,
- password_hash => $pw_hash
+ $self->users->set_password(
+ uid => $id,
+ password => $password
);
my $account = $self->get_user_data($id);
diff --git a/lib/Travelynx/Model/Users.pm b/lib/Travelynx/Model/Users.pm
index e465ee1..7b95efd 100644
--- a/lib/Travelynx/Model/Users.pm
+++ b/lib/Travelynx/Model/Users.pm
@@ -8,6 +8,7 @@ use strict;
use warnings;
use 5.020;
+use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
use DateTime;
use JSON;
@@ -61,6 +62,14 @@ sub new {
return bless( \%opt, $class );
}
+sub hash_password {
+ my ( $self, $password ) = @_;
+ my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
+ my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
+
+ return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
+}
+
sub get_token_id {
my ( $self, $type ) = @_;
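Review bot: The salt in `hash_password` is built from Perl's `rand()`, which is not a cryptographic generator, and `int( rand(255) ) + 1` can never produce a zero byte. A bcrypt salt need not be secret, but it should be unique per hash. With `rand()` that depends on how each process was seeded, so preforked workers sharing a seed could repeat salts; whether the server reseeds after fork is not visible here. With only one copy of the function left, this is a convenient place to switch to OS randomness, for example `use Crypt::URandom qw(urandom);` and `my $salt = en_base64( urandom(16) );`, at the cost of one new dependency. A one-line comment explaining the `substr( $password, 0, 10000 )` cap would also help the next reader.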
@@ -471,7 +480,7 @@ sub add {
my $user_name = $opt{name};
my $email = $opt{email};
my $token = $opt{token};
- my $password = $opt{password_hash};
+ my $password = $self->hash_password( $opt{password} );
# This helper must be called during a transaction, as user creation
# may fail even after the database entry has been generated, e.g. if
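Review bot: `$self->hash_password( $opt{password} )` hashes whatever it receives, so a caller that omits `password` gets a stored hash of the empty string. As far as I can tell the only signal is an uninitialized-value warning, and a caller still passing the old `password_hash` key would hit exactly this. Rejecting the value before hashing turns it into a hard error: `die "add: password is required\n" unless length( $opt{password} // '' );`. The same check is missing in `set_password` in the `@@ -577,11 +586,11 @@` hunk below. add's body starts and ends outside this hunk.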
@@ -577,11 +586,11 @@ sub delete {
return \%res;
}
-sub set_password_hash {
+sub set_password {
my ( $self, %opt ) = @_;
my $db = $opt{db} // $self->{pg}->db;
my $uid = $opt{uid};
- my $password = $opt{password_hash};
+ my $password = $self->hash_password( $opt{password} );
$db->update( 'users', { password => $password }, { id => $uid } );
}
diff --git a/t/22-visibility.t b/t/22-visibility.t
index 6e3fd38..6e827c5 100644
--- a/t/22-visibility.t
+++ b/t/22-visibility.t
@@ -11,7 +11,6 @@ use Mojo::Base -strict;
use Test::More;
use Test::Mojo;
-use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
use DateTime;
use Travel::Status::DE::IRIS::Result;
@@ -41,14 +40,6 @@ $t->app->start( 'database', 'migrate' );
my $u = $t->app->users;
-sub hash_password {
- my ($password) = @_;
- my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
- my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
-
- return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
-}
-
sub login {
my %opt = @_;
my $csrf_token
@@ -202,24 +193,24 @@ sub test_visibility {
}
my $uid1 = $u->add(
- name => 'test1',
- email => 'test1@example.org',
- token => 'abcd',
- password_hash => hash_password('password1'),
+ name => 'test1',
+ email => 'test1@example.org',
+ token => 'abcd',
+ password => 'password1',
);
my $uid2 = $u->add(
- name => 'test2',
- email => 'test2@example.org',
- token => 'efgh',
- password_hash => hash_password('password2'),
+ name => 'test2',
+ email => 'test2@example.org',
+ token => 'efgh',
+ password => 'password2',
);
my $uid3 = $u->add(
- name => 'test3',
- email => 'test3@example.org',
- token => 'ijkl',
- password_hash => hash_password('password3'),
+ name => 'test3',
+ email => 'test3@example.org',
+ token => 'ijkl',
+ password => 'password3',
);
$u->verify_registration_token(