From 45b64a214e60754ab58092b6088e61ffdb46825d Mon Sep 17 00:00:00 2001 From: swag Date: Thu, 3 Nov 2022 15:38:40 -0400 Subject: [PATCH] Implement Argon2 in place of bcrypt, argon2 command instead of bcrypt and Crypt::Passphrase instead of Authen::Passphrase --- README.md | 3 --- cpanfile | 3 ++- lib/PostText.pm | 17 +++++++++++++++-- lib/PostText/Command/argon2.pm | 18 ++++++++++++++++++ lib/PostText/Command/bcrypt.pm | 18 ------------------ lib/PostText/Model/Moderator.pm | 8 +++----- migrations/9/down.sql | 3 +++ migrations/9/up.sql | 3 +++ 8 files changed, 44 insertions(+), 29 deletions(-) create mode 100644 lib/PostText/Command/argon2.pm delete mode 100644 lib/PostText/Command/bcrypt.pm create mode 100644 migrations/9/down.sql create mode 100644 migrations/9/up.sql diff --git a/README.md b/README.md index 920fd32..14b2d28 100644 --- a/README.md +++ b/README.md @@ -32,9 +32,6 @@ Run the tests locally (against development environment): ## TODOs -1. s/Authen::Passphrase::BlowfishCrypt/Crypt::Passphrase/g -1. Need to pass `config` to the Moderator model for bcrypt cost -1. Re-write bcrypt command to use Authen::Passphrase::BlowfishCrypt 1. Some sort of admin/moderator login and view 1. Implement tripcodes 1. CSS diff --git a/cpanfile b/cpanfile index 154df0a..b6c6f53 100644 --- a/cpanfile +++ b/cpanfile @@ -2,4 +2,5 @@ requires 'Mojolicious'; requires 'Mojo::Pg'; requires 'Mojolicious::Plugin::TagHelpers::Pagination'; requires 'Mojolicious::Plugin::AssetPack'; -requires 'Authen::Passphrase::BlowfishCrypt'; +requires 'Crypt::Passphrase::Argon2'; +requires 'Crypt::Passphrase::Bcrypt'; # Needed for old passphrases diff --git a/lib/PostText.pm b/lib/PostText.pm index 1d508fa..43c874f 100644 --- a/lib/PostText.pm +++ b/lib/PostText.pm @@ -4,6 +4,9 @@ package PostText; use Mojo::Base 'Mojolicious', -signatures; use Mojo::Pg; +use Crypt::Passphrase; + +# The local libs use PostText::Model::Thread; use PostText::Model::Remark; use PostText::Model::Moderator; 
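Review bot: `lib/PostText.pm` now loads `Crypt::Passphrase` directly, but the cpanfile hunk lists only the two encoder distributions, so the core module is installed only as their transitive dependency. Declaring it with `requires 'Crypt::Passphrase';` keeps the manifest accurate if either encoder line is later removed. None of the entries states a minimum version; for the password-hashing modules a floor is worth adding once the tested versions are known.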
@@ -18,6 +21,13 @@ sub startup($self) { state $pg = Mojo::Pg->new($c->config->{$self->mode}{'pg_string'}) }); + $self->helper(authenticator => sub ($c) { + state $authenticator = Crypt::Passphrase->new( + encoder => 'Argon2', + validators => ['Bcrypt'], # For old passphrases + ) + }); + $self->helper(thread => sub ($c) { state $thread = PostText::Model::Thread->new(pg => $c->pg) }); @@ -27,7 +37,10 @@ sub startup($self) { }); $self->helper(moderator => sub ($c) { - state $moderator = PostText::Model::Moderator->new(pg => $c->pg) + state $moderator = PostText::Model::Moderator->new( + pg => $c->pg, + authenticator => $c->authenticator + ) }); $self->helper(truncate_text => sub ($c, $input_text) { @@ -40,7 +53,7 @@ sub startup($self) { # Finish configuring some things $self->secrets($self->config->{'secrets'}) || die $@; - $self->pg->migrations->from_dir('migrations')->migrate(8); + $self->pg->migrations->from_dir('migrations')->migrate(9); if (my $threads_per_page = $self->config->{'threads_per_page'}) { $self->thread->per_page($threads_per_page) diff --git a/lib/PostText/Command/argon2.pm b/lib/PostText/Command/argon2.pm new file mode 100644 index 0000000..49bb153 --- /dev/null +++ b/lib/PostText/Command/argon2.pm @@ -0,0 +1,18 @@ +package PostText::Command::argon2; + +use Mojo::Base 'Mojolicious::Command', -signatures; + +has description => 'Hash a string with Argon2'; +has usage => sub ($self) { $self->extract_usage }; + +sub run($self, @args) { + say $self->app->authenticator->hash_password($_) for @args; +} + +1; + +=head1 SYNOPSIS + + Usage: APPLICATION argon2 STRING(S) + +=cut diff --git a/lib/PostText/Command/bcrypt.pm b/lib/PostText/Command/bcrypt.pm deleted file mode 100644 index 2128ea8..0000000 --- a/lib/PostText/Command/bcrypt.pm +++ /dev/null 
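Review bot: The `authenticator` helper in `startup` builds the Argon2 encoder with no cost parameters, so memory cost, time cost and parallelism are whatever the installed Crypt::Passphrase::Argon2 defaults to. The README TODO about passing a cost from `config` is deleted by this commit rather than carried over to Argon2. I would read the parameters from the application config and use the hash form of `encoder`, e.g. `encoder => {module => 'Argon2', %{$c->config->{'argon2'} // {}}},` (the `argon2` config key is only a suggested name), with a comment recording the chosen `memory_cost`/`time_cost`/`parallelism`. `startup` begins and ends outside this hunk.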
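Review bot: `run` in the new `argon2` command accepts passphrases only as command-line arguments, which leaves them in shell history and visible in the process list while the command runs. Reading from STDIN when no arguments are given lets an operator pipe or type the passphrase instead. The SYNOPSIS POD should then mention the STDIN form as well.

```perl
sub run($self, @args) {
    # No arguments: read one passphrase per line from STDIN so the
    # plaintext never appears in argv or shell history
    unless (@args) {
        chomp(@args = <STDIN>);
        @args = grep { length } @args;
    }
    say $self->app->authenticator->hash_password($_) for @args;
}
```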
@@ -1,18 +0,0 @@ -package PostText::Command::bcrypt; - -use Mojo::Base 'Mojolicious::Command', -signatures; - -has description => 'Hash a string with brcypt'; -has usage => sub ($self) { $self->extract_usage }; - -sub run($self, @args) { - say $self->app->bcrypt($_) for @args; -} - -1; - -=head1 SYNOPSIS - - Usage: APPLICATION bcrypt STRING(S) - -=cut diff --git a/lib/PostText/Model/Moderator.pm b/lib/PostText/Model/Moderator.pm index 7e08ebf..61df924 100644 --- a/lib/PostText/Model/Moderator.pm +++ b/lib/PostText/Model/Moderator.pm @@ -1,10 +1,9 @@ package PostText::Model::Moderator; use Mojo::Base -base, -signatures; -use Authen::Passphrase::BlowfishCrypt; -use Data::Dumper; has 'pg'; +has 'authenticator'; sub check_password($self, $email, $password) { my $moderator = @@ -17,9 +16,8 @@ sub check_password($self, $email, $password) { return undef unless $moderator->{'id'}; - return Authen::Passphrase::BlowfishCrypt - ->from_crypt($moderator->{'password_hash'}) - ->match($password); + return $self->authenticator + ->verify_password($password, $moderator->{'password_hash'}); } 1; diff --git a/migrations/9/down.sql b/migrations/9/down.sql new file mode 100644 index 0000000..032c68c --- /dev/null +++ b/migrations/9/down.sql @@ -0,0 +1,3 @@ +ALTER TABLE moderators +ALTER COLUMN password_hash + TYPE VARCHAR(64); diff --git a/migrations/9/up.sql b/migrations/9/up.sql new file mode 100644 index 0000000..b592624 --- /dev/null +++ b/migrations/9/up.sql @@ -0,0 +1,3 @@ +ALTER TABLE moderators +ALTER COLUMN password_hash + TYPE TEXT;
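Review bot: `check_password` verifies legacy bcrypt hashes through the `Bcrypt` validator but never upgrades them, so existing moderators keep bcrypt hashes indefinitely and the `Crypt::Passphrase::Bcrypt` dependency can never be retired. Crypt::Passphrase provides `needs_rehash` for this: after a successful `verify_password`, re-hash the supplied password and store it. The sketch below assumes the row can be updated by `id` in the `moderators` table named in the migration. The function's lookup query starts outside this hunk.

```perl
    # … unchanged: moderator lookup and early return when no row matches …

    my $hash = $moderator->{'password_hash'};
    return undef
        unless $self->authenticator->verify_password($password, $hash);

    # Upgrade bcrypt (or outdated-parameter) hashes on successful login
    if ($self->authenticator->needs_rehash($hash)) {
        $self->pg->db->update(
            'moderators',
            {password_hash => $self->authenticator->hash_password($password)},
            {id => $moderator->{'id'}}
        );
    }

    return 1;
```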
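Review bot: `migrations/9/down.sql` narrows `password_hash` back to `VARCHAR(64)`, which PostgreSQL rejects as soon as any row holds a longer value, and encoded Argon2 hashes normally exceed 64 characters. A rollback after the first Argon2 hash has been stored would therefore fail. Either leave the column as `TEXT` in the down step or document the precondition with a comment such as `-- fails if any password_hash is longer than 64 chars (Argon2 hashes are)`.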