| -rw-r--r-- | lib/Travelynx/Command/account.pm | 26 | ||||
| -rw-r--r-- | lib/Travelynx/Controller/Account.pm | 34 | ||||
| -rw-r--r-- | lib/Travelynx/Model/Users.pm | 15 | ||||
| -rw-r--r-- | t/22-visibility.t | 33 | 
4 files changed, 43 insertions, 65 deletions
diff --git a/lib/Travelynx/Command/account.pm b/lib/Travelynx/Command/account.pm
index 6f8ea93..e6cfa5c 100644
--- a/lib/Travelynx/Command/account.pm
+++ b/lib/Travelynx/Command/account.pm
@@ -4,21 +4,12 @@ package Travelynx::Command::account;
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 use Mojo::Base 'Mojolicious::Command';
-use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
-use UUID::Tiny                 qw(:std);
+use UUID::Tiny qw(:std);
 has description => 'Add or remove user accounts';
 has usage => sub { shift->extract_usage };
-sub hash_password {
-	my ($password) = @_;
-	my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
-	my $salt       = en_base64( pack( 'C[16]', @salt_bytes ) );
-
-	return bcrypt( $password, '$2a$12$' . $salt );
-}
-
 sub add_user {
 	my ( $self, $name, $email ) = @_;
@@ -29,17 +20,16 @@ sub add_user {
 		die;
 	}
-	my $token         = "tmp";
-	my $password      = substr( create_uuid_as_string(UUID_V4), 0, 18 );
-	my $password_hash = hash_password($password);
+	my $token    = "tmp";
+	my $password = substr( create_uuid_as_string(UUID_V4), 0, 18 );
 	my $tx      = $db->begin;
 	my $user_id = $self->app->users->add(
-		db            => $db,
-		name          => $name,
-		email         => $email,
-		token         => $token,
-		password_hash => $password_hash,
+		db       => $db,
+		name     => $name,
+		email    => $email,
+		token    => $token,
+		password => $password,
 	);
 	my $success = $self->app->users->verify_registration_token(
 		db             => $db,
diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm
index f0f2119..f7bfa06 100644
--- a/lib/Travelynx/Controller/Account.pm
+++ b/lib/Travelynx/Controller/Account.pm
@@ -5,7 +5,6 @@ package Travelynx::Controller::Account;
 # SPDX-License-Identifier: AGPL-3.0-or-later
 use Mojo::Base 'Mojolicious::Controller';
-use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
 use JSON;
 use Mojo::Util qw(xml_escape);
 use Text::Markdown;
@@ -29,14 +28,6 @@ my %visibility_atoi = (
 # Internal Helpers
-sub hash_password {
-	my ($password) = @_;
-	my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
-	my $salt       = en_base64( pack( 'C[16]', @salt_bytes ) );
-
-	return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
-}
-
 sub make_token {
 	return create_uuid_as_string(UUID_V4);
 }
@@ -363,15 +354,14 @@ sub register {
 	}
 	my $token   = make_token();
-	my $pw_hash = hash_password($password);
 	my $db      = $self->pg->db;
 	my $tx      = $db->begin;
 	my $user_id = $self->users->add(
-		db            => $db,
-		name          => $user,
-		email         => $email,
-		token         => $token,
-		password_hash => $pw_hash
+		db       => $db,
+		name     => $user,
+		email    => $email,
+		token    => $token,
+		password => $password,
 	);
 	my $success = $self->send_registration_mail(
@@ -1074,10 +1064,9 @@ sub change_password {
 		return;
 	}
-	my $pw_hash = hash_password($password);
-	$self->users->set_password_hash(
-		uid           => $self->current_user->{id},
-		password_hash => $pw_hash
+	$self->users->set_password(
+		uid      => $self->current_user->{id},
+		password => $password
 	);
 	$self->flash( success => 'password' );
@@ -1178,10 +1167,9 @@ sub request_password_reset {
 			return;
 		}
-		my $pw_hash = hash_password($password);
-		$self->users->set_password_hash(
-			uid           => $id,
-			password_hash => $pw_hash
+		$self->users->set_password(
+			uid      => $id,
+			password => $password
 		);
 		my $account = $self->get_user_data($id);
diff --git a/lib/Travelynx/Model/Users.pm b/lib/Travelynx/Model/Users.pm
index e465ee1..7b95efd 100644
--- a/lib/Travelynx/Model/Users.pm
+++ b/lib/Travelynx/Model/Users.pm
@@ -8,6 +8,7 @@ use strict;
 use warnings;
 use 5.020;
+use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
 use DateTime;
 use JSON;
@@ -61,6 +62,14 @@ sub new {
 	return bless( \%opt, $class );
 }
+sub hash_password {
+	my ( $self, $password ) = @_;
+	my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
+	my $salt       = en_base64( pack( 'C[16]', @salt_bytes ) );
+
+	return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
+}
+
 sub get_token_id {
 	my ( $self, $type ) = @_;
@@ -471,7 +480,7 @@ sub add {
 	my $user_name = $opt{name};
 	my $email     = $opt{email};
 	my $token     = $opt{token};
-	my $password  = $opt{password_hash};
+	my $password  = $self->hash_password( $opt{password} );
 	# This helper must be called during a transaction, as user creation
 	# may fail even after the database entry has been generated, e.g.  if
@@ -577,11 +586,11 @@ sub delete {
 	return \%res;
 }
-sub set_password_hash {
+sub set_password {
 	my ( $self, %opt ) = @_;
 	my $db       = $opt{db} // $self->{pg}->db;
 	my $uid      = $opt{uid};
-	my $password = $opt{password_hash};
+	my $password = $self->hash_password( $opt{password} );
 	$db->update( 'users', { password => $password }, { id => $uid } );
 }
diff --git a/t/22-visibility.t b/t/22-visibility.t
index 6e3fd38..6e827c5 100644
--- a/t/22-visibility.t
+++ b/t/22-visibility.t
@@ -11,7 +11,6 @@ use Mojo::Base -strict;
 use Test::More;
 use Test::Mojo;
-use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
 use DateTime;
 use Travel::Status::DE::IRIS::Result;
@@ -41,14 +40,6 @@ $t->app->start( 'database', 'migrate' );
 my $u = $t->app->users;
-sub hash_password {
-	my ($password) = @_;
-	my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
-	my $salt       = en_base64( pack( 'C[16]', @salt_bytes ) );
-
-	return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
-}
-
 sub login {
 	my %opt = @_;
 	my $csrf_token
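Review bot: The salt in the new `Users::hash_password` is drawn from `rand()`, which perldoc documents as not cryptographically secure; a bcrypt salt need not be secret, but it should be unpredictable and unique per hash, and the consolidation into the model is the right moment to fix the source rather than carry the old helper's construction forward. Replace the `map { int( rand(255) ) + 1 }` line with a read from the OS CSPRNG, e.g. `open my $rng, '<:raw', '/dev/urandom' or die "urandom: $!";` / `read( $rng, my $raw, 16 ) == 16 or die 'urandom: short read';` / `my $salt = en_base64($raw);`, keeping the rest of the function as is. The `substr( $password, 0, 10000 )` cap now also applies to the CLI `account` command, whose removed copy hashed without it, so a comment on that line would help the next reader: `# Bound the input handed to the cost-12 bcrypt run; bcrypt itself only keys on the first 72 bytes.` The unused `$self` is fine for a model method but could be noted as intentional.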
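Review bot: `add` now calls `hash_password( $opt{password} )` unconditionally, so a caller that omits the key or passes an empty string gets a valid bcrypt hash of the empty string written to `users.password` (with only an uninitialized-value warning from `substr`), whereas the old `password_hash` contract passed whatever the caller supplied straight through; `set_password` in the following hunk has the same gap. Guard the input before hashing in both places: `die 'password must be a non-empty string' unless defined $opt{password} and length $opt{password};`. The controller callers shown in this commit appear to validate the password earlier, but the model is also reached from the `account` command and from tests, so the check belongs at this layer. `add` begins and ends outside this hunk.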
@@ -202,24 +193,24 @@ sub test_visibility {
 }
 my $uid1 = $u->add(
-	name          => 'test1',
-	email         => 'test1@example.org',
-	token         => 'abcd',
-	password_hash => hash_password('password1'),
+	name     => 'test1',
+	email    => 'test1@example.org',
+	token    => 'abcd',
+	password => 'password1',
 );
 my $uid2 = $u->add(
-	name          => 'test2',
-	email         => 'test2@example.org',
-	token         => 'efgh',
-	password_hash => hash_password('password2'),
+	name     => 'test2',
+	email    => 'test2@example.org',
+	token    => 'efgh',
+	password => 'password2',
 );
 my $uid3 = $u->add(
-	name          => 'test3',
-	email         => 'test3@example.org',
-	token         => 'ijkl',
-	password_hash => hash_password('password3'),
+	name     => 'test3',
+	email    => 'test3@example.org',
+	token    => 'ijkl',
+	password => 'password3',
 );
 $u->verify_registration_token(
