From 0702a0edca47bef27e8beeac0aad5f7a5da4f14c Mon Sep 17 00:00:00 2001
From: Derf Null <derf@finalrewind.org>
Date: Mon, 26 Jun 2023 19:40:29 +0200
Subject: Move hash_password to Model/Users

---
 lib/Travelynx/Model/Users.pm | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

(limited to 'lib/Travelynx/Model/Users.pm')

diff --git a/lib/Travelynx/Model/Users.pm b/lib/Travelynx/Model/Users.pm
index e465ee1..7b95efd 100644
--- a/lib/Travelynx/Model/Users.pm
+++ b/lib/Travelynx/Model/Users.pm
@@ -8,6 +8,7 @@ use strict;
 use warnings;
 use 5.020;
 
+use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
 use DateTime;
 use JSON;
 
@@ -61,6 +62,14 @@ sub new {
 	return bless( \%opt, $class );
 }
 
+sub hash_password {
+	my ( $self, $password ) = @_;
+	my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
+	my $salt       = en_base64( pack( 'C[16]', @salt_bytes ) );
+
+	return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
+}
+
 sub get_token_id {
 	my ( $self, $type ) = @_;
 
@@ -471,7 +480,7 @@ sub add {
 	my $user_name = $opt{name};
 	my $email     = $opt{email};
 	my $token     = $opt{token};
-	my $password  = $opt{password_hash};
+	my $password  = $self->hash_password( $opt{password} );
 
 	# This helper must be called during a transaction, as user creation
 	# may fail even after the database entry has been generated, e.g.  if
@@ -577,11 +586,11 @@ sub delete {
 	return \%res;
 }
 
-sub set_password_hash {
+sub set_password {
 	my ( $self, %opt ) = @_;
 	my $db       = $opt{db} // $self->{pg}->db;
 	my $uid      = $opt{uid};
-	my $password = $opt{password_hash};
+	my $password = $self->hash_password( $opt{password} );
 
 	$db->update( 'users', { password => $password }, { id => $uid } );
 }
-- 
cgit v1.2.3