Diffstat (limited to 'lib')
-rw-r--r--lib/Travelynx/Command/account.pm26
-rw-r--r--lib/Travelynx/Controller/Account.pm34
-rw-r--r--lib/Travelynx/Model/Users.pm15
3 files changed, 31 insertions, 44 deletions
diff --git a/lib/Travelynx/Command/account.pm b/lib/Travelynx/Command/account.pm
index 6f8ea93..e6cfa5c 100644
--- a/lib/Travelynx/Command/account.pm
+++ b/lib/Travelynx/Command/account.pm
@@ -4,21 +4,12 @@ package Travelynx::Command::account;
#
# SPDX-License-Identifier: AGPL-3.0-or-later
use Mojo::Base 'Mojolicious::Command';
-use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
-use UUID::Tiny qw(:std);
+use UUID::Tiny qw(:std);
has description => 'Add or remove user accounts';
has usage => sub { shift->extract_usage };
-sub hash_password {
- my ($password) = @_;
- my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
- my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
-
- return bcrypt( $password, '$2a$12$' . $salt );
-}
-
sub add_user {
my ( $self, $name, $email ) = @_;
@@ -29,17 +20,16 @@ sub add_user {
die;
}
- my $token = "tmp";
- my $password = substr( create_uuid_as_string(UUID_V4), 0, 18 );
- my $password_hash = hash_password($password);
+ my $token = "tmp";
+ my $password = substr( create_uuid_as_string(UUID_V4), 0, 18 );
my $tx = $db->begin;
my $user_id = $self->app->users->add(
- db => $db,
- name => $name,
- email => $email,
- token => $token,
- password_hash => $password_hash,
+ db => $db,
+ name => $name,
+ email => $email,
+ token => $token,
+ password => $password,
);
my $success = $self->app->users->verify_registration_token(
db => $db,
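Review bot: The temporary password on the `my $password = substr( create_uuid_as_string(UUID_V4), 0, 18 );` line is only the first 18 characters of a v4 UUID string: two hyphens, one fixed version digit and 15 random hex digits, so about 60 bits at best. As far as I know UUID::Tiny builds v4 UUIDs on Perl's `rand()` and documents them as not cryptographically strong, so the value is weaker than its length suggests. With hashing moved into the model, this is the only password logic left in the command, and it would be better drawn from the OS random source, e.g. `my $password = unpack( 'H*', Crypt::URandom::urandom(12) );` (Crypt::URandom would be a new dependency). add_user starts before this hunk and continues past it.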
diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm
index f0f2119..f7bfa06 100644
--- a/lib/Travelynx/Controller/Account.pm
+++ b/lib/Travelynx/Controller/Account.pm
@@ -5,7 +5,6 @@ package Travelynx::Controller::Account;
# SPDX-License-Identifier: AGPL-3.0-or-later
use Mojo::Base 'Mojolicious::Controller';
-use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
use JSON;
use Mojo::Util qw(xml_escape);
use Text::Markdown;
@@ -29,14 +28,6 @@ my %visibility_atoi = (
# Internal Helpers
-sub hash_password {
- my ($password) = @_;
- my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
- my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
-
- return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
-}
-
sub make_token {
return create_uuid_as_string(UUID_V4);
}
@@ -363,15 +354,14 @@ sub register {
}
my $token = make_token();
- my $pw_hash = hash_password($password);
my $db = $self->pg->db;
my $tx = $db->begin;
my $user_id = $self->users->add(
- db => $db,
- name => $user,
- email => $email,
- token => $token,
- password_hash => $pw_hash
+ db => $db,
+ name => $user,
+ email => $email,
+ token => $token,
+ password => $password,
);
my $success = $self->send_registration_mail(
@@ -1074,10 +1064,9 @@ sub change_password {
return;
}
- my $pw_hash = hash_password($password);
- $self->users->set_password_hash(
- uid => $self->current_user->{id},
- password_hash => $pw_hash
+ $self->users->set_password(
+ uid => $self->current_user->{id},
+ password => $password
);
$self->flash( success => 'password' );
@@ -1178,10 +1167,9 @@ sub request_password_reset {
return;
}
- my $pw_hash = hash_password($password);
- $self->users->set_password_hash(
- uid => $id,
- password_hash => $pw_hash
+ $self->users->set_password(
+ uid => $id,
+ password => $password
);
my $account = $self->get_user_data($id);
diff --git a/lib/Travelynx/Model/Users.pm b/lib/Travelynx/Model/Users.pm
index e465ee1..7b95efd 100644
--- a/lib/Travelynx/Model/Users.pm
+++ b/lib/Travelynx/Model/Users.pm
@@ -8,6 +8,7 @@ use strict;
use warnings;
use 5.020;
+use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
use DateTime;
use JSON;
@@ -61,6 +62,14 @@ sub new {
return bless( \%opt, $class );
}
+sub hash_password {
+ my ( $self, $password ) = @_;
+ my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
+ my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
+
+ return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
+}
+
sub get_token_id {
my ( $self, $type ) = @_;
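Review bot: The salt in the new `hash_password` is built from `int( rand(255) ) + 1`, which relies on Perl's non-cryptographic `rand()` and can never produce a zero byte. Now that the two copies are consolidated in the model, this can be fixed in one place by taking the 16 salt bytes from the OS random source, for example `my $salt = en_base64( Crypt::URandom::urandom(16) );` (a new dependency) or a read from `/dev/urandom`. A short comment would also help the next reader: that `substr( $password, 0, 10000 )` presumably bounds the input handed to bcrypt, and that `12` in `'$2a$12$'` is the cost factor.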
@@ -471,7 +480,7 @@ sub add {
my $user_name = $opt{name};
my $email = $opt{email};
my $token = $opt{token};
- my $password = $opt{password_hash};
+ my $password = $self->hash_password( $opt{password} );
# This helper must be called during a transaction, as user creation
# may fail even after the database entry has been generated, e.g. if
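Review bot: `add` keeps its name but now reads `$opt{password}` instead of `$opt{password_hash}`, so a caller that still passes the old key is not rejected. In that case `hash_password` receives undef, and `substr( $password, 0, 10000 )` most likely yields an empty string that is hashed and stored as the account password. The same applies to `set_password` in the last hunk when `password` is missing. A guard at the top of `hash_password`, such as `die "password must be a non-empty string\n" if !defined $password || !length $password;`, would turn this into a hard failure. The body of `add` extends beyond this hunk.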
@@ -577,11 +586,11 @@ sub delete {
return \%res;
}
-sub set_password_hash {
+sub set_password {
my ( $self, %opt ) = @_;
my $db = $opt{db} // $self->{pg}->db;
my $uid = $opt{uid};
- my $password = $opt{password_hash};
+ my $password = $self->hash_password( $opt{password} );
$db->update( 'users', { password => $password }, { id => $uid } );
}