Implement Argon2 in place of bcrypt, argon2 command instead of bcrypt and Crypt::Passphrase instead of Authen::Passphrase

swag 2022-11-03 15:38:40 -04:00
parent 6d37beec38
commit 45b64a214e
8 changed files with 44 additions and 29 deletions


@ -32,9 +32,6 @@ Run the tests locally (against development environment):
## TODOs ## TODOs
1. s/Authen::Passphrase::BlowfishCrypt/Crypt::Passphrase/g
1. Need to pass `config` to the Moderator model for bcrypt cost
1. Re-write bcrypt command to use Authen::Passphrase::BlowfishCrypt
1. Some sort of admin/moderator login and view 1. Some sort of admin/moderator login and view
1. Implement tripcodes 1. Implement tripcodes
1. CSS 1. CSS


@ -2,4 +2,5 @@ requires 'Mojolicious';
requires 'Mojo::Pg'; requires 'Mojo::Pg';
requires 'Mojolicious::Plugin::TagHelpers::Pagination'; requires 'Mojolicious::Plugin::TagHelpers::Pagination';
requires 'Mojolicious::Plugin::AssetPack'; requires 'Mojolicious::Plugin::AssetPack';
requires 'Authen::Passphrase::BlowfishCrypt'; requires 'Crypt::Passphrase::Argon2';
requires 'Crypt::Passphrase::Bcrypt'; # Needed for old passphrases
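Review bot: The application now does `use Crypt::Passphrase;` directly, but this list only names the two plugin distributions, so the core module arrives as a transitive dependency. Declaring it explicitly with `requires 'Crypt::Passphrase';` keeps the manifest in step with what the code loads and gives one place to set a minimum version later.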


@ -4,6 +4,9 @@ package PostText;
use Mojo::Base 'Mojolicious', -signatures; use Mojo::Base 'Mojolicious', -signatures;
use Mojo::Pg; use Mojo::Pg;
use Crypt::Passphrase;
# The local libs
use PostText::Model::Thread; use PostText::Model::Thread;
use PostText::Model::Remark; use PostText::Model::Remark;
use PostText::Model::Moderator; use PostText::Model::Moderator;
@ -18,6 +21,13 @@ sub startup($self) {
state $pg = Mojo::Pg->new($c->config->{$self->mode}{'pg_string'}) state $pg = Mojo::Pg->new($c->config->{$self->mode}{'pg_string'})
}); });
$self->helper(authenticator => sub ($c) {
state $authenticator = Crypt::Passphrase->new(
encoder => 'Argon2',
validators => ['Bcrypt'], # For old passphrases
)
});
$self->helper(thread => sub ($c) { $self->helper(thread => sub ($c) {
state $thread = PostText::Model::Thread->new(pg => $c->pg) state $thread = PostText::Model::Thread->new(pg => $c->pg)
}); });
@ -27,7 +37,10 @@ sub startup($self) {
}); });
$self->helper(moderator => sub ($c) { $self->helper(moderator => sub ($c) {
state $moderator = PostText::Model::Moderator->new(pg => $c->pg) state $moderator = PostText::Model::Moderator->new(
pg => $c->pg,
authenticator => $c->authenticator
)
}); });
$self->helper(truncate_text => sub ($c, $input_text) { $self->helper(truncate_text => sub ($c, $input_text) {
@ -40,7 +53,7 @@ sub startup($self) {
# Finish configuring some things # Finish configuring some things
$self->secrets($self->config->{'secrets'}) || die $@; $self->secrets($self->config->{'secrets'}) || die $@;
$self->pg->migrations->from_dir('migrations')->migrate(8); $self->pg->migrations->from_dir('migrations')->migrate(9);
if (my $threads_per_page = $self->config->{'threads_per_page'}) { if (my $threads_per_page = $self->config->{'threads_per_page'}) {
$self->thread->per_page($threads_per_page) $self->thread->per_page($threads_per_page)
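Review bot: The `authenticator` helper added in `startup` builds the Argon2 encoder with the module's defaults, so the hashing cost cannot be tuned per deployment. The TODO about passing `config` for the bcrypt cost was removed in this commit rather than carried over to Argon2. Consider reading the parameters from configuration, e.g. `encoder => {module => 'Argon2', %{$c->config->{'argon2'} // {}}},`, so memory and time cost can be raised without a code change. The `argon2` config key is a suggestion only; the visible code does not define it. `startup` begins and ends outside these hunks.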


@ -0,0 +1,18 @@
package PostText::Command::argon2;
use Mojo::Base 'Mojolicious::Command', -signatures;
has description => 'Hash a string with Argon2';
has usage => sub ($self) { $self->extract_usage };
sub run($self, @args) {
say $self->app->authenticator->hash_password($_) for @args;
}
1;
=head1 SYNOPSIS
Usage: APPLICATION argon2 STRING(S)
=cut
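Review bot: `run` takes the strings to hash from `@args`, so every passphrase given to this command ends up in shell history and is visible in the process list while it runs. Falling back to standard input when no argument is given avoids that, e.g. `@args = <STDIN> unless @args;` followed by `chomp @args;` before the loop. The SYNOPSIS should then say that input is read from STDIN when no STRING is supplied.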


@ -1,18 +0,0 @@
package PostText::Command::bcrypt;
use Mojo::Base 'Mojolicious::Command', -signatures;
has description => 'Hash a string with brcypt';
has usage => sub ($self) { $self->extract_usage };
sub run($self, @args) {
say $self->app->bcrypt($_) for @args;
}
1;
=head1 SYNOPSIS
Usage: APPLICATION bcrypt STRING(S)
=cut


@ -1,10 +1,9 @@
package PostText::Model::Moderator; package PostText::Model::Moderator;
use Mojo::Base -base, -signatures; use Mojo::Base -base, -signatures;
use Authen::Passphrase::BlowfishCrypt;
use Data::Dumper;
has 'pg'; has 'pg';
has 'authenticator';
sub check_password($self, $email, $password) { sub check_password($self, $email, $password) {
my $moderator = my $moderator =
@ -17,9 +16,8 @@ sub check_password($self, $email, $password) {
return undef unless $moderator->{'id'}; return undef unless $moderator->{'id'};
return Authen::Passphrase::BlowfishCrypt return $self->authenticator
->from_crypt($moderator->{'password_hash'}) ->verify_password($password, $moderator->{'password_hash'});
->match($password);
} }
1; 1;
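Review bot: `check_password` verifies old bcrypt hashes through the `Bcrypt` validator but never upgrades them, so existing moderators stay on bcrypt indefinitely. A successful login is the only moment the plaintext is available, so that is where `needs_rehash` should be checked and a fresh Argon2 hash stored. The sketch below assumes the `moderators` table and `password_hash` column named in the migrations and a row keyed by `id`. It returns 1 instead of the raw `verify_password` result, which is equivalent only if callers test truthiness. The start of `check_password`, including the query that loads `$moderator`, is outside the hunk.

```perl
# … unchanged: lookup of $moderator by e-mail …
return undef unless $moderator->{'id'};

my $hash = $moderator->{'password_hash'};
return undef
    unless $self->authenticator->verify_password($password, $hash);

# Upgrade legacy (or under-cost) hashes while the passphrase is known
if ($self->authenticator->needs_rehash($hash)) {
    $self->pg->db->update(
        'moderators',
        {password_hash => $self->authenticator->hash_password($password)},
        {id            => $moderator->{'id'}}
    );
}

return 1;
```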

3
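--- a/migrations/9/down.sql
+++ b/migrations/9/down.sql
@@ -0,0 +1,3 @@
+ALTER TABLE moderators
+ALTER COLUMN password_hash
+TYPE VARCHAR(64);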
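Review bot: Narrowing `password_hash` back to `VARCHAR(64)` will most likely fail once any Argon2 hash has been stored, because encoded Argon2 strings are normally longer than 64 characters and PostgreSQL rejects over-length values during the type change. The rollback therefore only works on a database that still holds bcrypt hashes exclusively. Say so at the top of the file with a comment such as `-- Fails if any password_hash exceeds 64 characters (Argon2 hashes do); reset those passphrases before rolling back`.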

3
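--- a/migrations/9/up.sql
+++ b/migrations/9/up.sql
@@ -0,0 +1,3 @@
+ALTER TABLE moderators
+ALTER COLUMN password_hash
+TYPE TEXT;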