Implement Argon2 in place of bcrypt, argon2 command instead of bcrypt and Crypt::Passphrase instead of Authen::Passphrase

README.md

@@ -32,9 +32,6 @@ Run the tests locally (against development environment):
 
 ## TODOs
 
-1. s/Authen::Passphrase::BlowfishCrypt/Crypt::Passphrase/g
-1. Need to pass `config` to the Moderator model for bcrypt cost
-1. Re-write bcrypt command to use Authen::Passphrase::BlowfishCrypt
 1. Some sort of admin/moderator login and view
 1. Implement tripcodes
 1. CSS

cpanfile

@@ -2,4 +2,5 @@ requires 'Mojolicious';
 requires 'Mojo::Pg';
 requires 'Mojolicious::Plugin::TagHelpers::Pagination';
 requires 'Mojolicious::Plugin::AssetPack';
-requires 'Authen::Passphrase::BlowfishCrypt';
+requires 'Crypt::Passphrase::Argon2';
+requires 'Crypt::Passphrase::Bcrypt'; # Needed for old passphrases

lib/PostText.pm

@@ -4,6 +4,9 @@ package PostText;
 
 use Mojo::Base 'Mojolicious', -signatures;
 use Mojo::Pg;
+use Crypt::Passphrase;
+
+# The local libs
 use PostText::Model::Thread;
 use PostText::Model::Remark;
 use PostText::Model::Moderator;
@@ -18,6 +21,13 @@ sub startup($self) {
         state $pg = Mojo::Pg->new($c->config->{$self->mode}{'pg_string'})
     });
 
+    $self->helper(authenticator => sub ($c) {
+        state $authenticator = Crypt::Passphrase->new(
+            encoder    => 'Argon2',
+            validators => ['Bcrypt'], # For old passphrases
+          )
+    });
+
     $self->helper(thread => sub ($c) {
         state $thread = PostText::Model::Thread->new(pg => $c->pg)
     });
@@ -27,7 +37,10 @@ sub startup($self) {
     });
 
     $self->helper(moderator => sub ($c) {
-        state $moderator = PostText::Model::Moderator->new(pg => $c->pg)
+        state $moderator = PostText::Model::Moderator->new(
+            pg            => $c->pg,
+            authenticator => $c->authenticator
+          )
     });
 
     $self->helper(truncate_text => sub ($c, $input_text) {
@@ -40,7 +53,7 @@ sub startup($self) {
     # Finish configuring some things
     $self->secrets($self->config->{'secrets'}) || die $@;
 
-    $self->pg->migrations->from_dir('migrations')->migrate(8);
+    $self->pg->migrations->from_dir('migrations')->migrate(9);
 
     if (my $threads_per_page = $self->config->{'threads_per_page'}) {
         $self->thread->per_page($threads_per_page)

lib/PostText/Command/argon2.pm

@@ -0,0 +1,18 @@
+package PostText::Command::argon2;
+
+use Mojo::Base 'Mojolicious::Command', -signatures;
+
+has description => 'Hash a string with Argon2';
+has usage       => sub ($self) { $self->extract_usage };
+
+sub run($self, @args) {
+    say $self->app->authenticator->hash_password($_) for @args;
+}
+
+1;
+
+=head1 SYNOPSIS
+
+  Usage: APPLICATION argon2 STRING(S)
+
+=cut

lib/PostText/Command/bcrypt.pm

@@ -1,18 +0,0 @@
-package PostText::Command::bcrypt;
-
-use Mojo::Base 'Mojolicious::Command', -signatures;
-
-has description => 'Hash a string with brcypt';
-has usage       => sub ($self) { $self->extract_usage };
-
-sub run($self, @args) {
-    say $self->app->bcrypt($_) for @args;
-}
-
-1;
-
-=head1 SYNOPSIS
-
-  Usage: APPLICATION bcrypt STRING(S)
-
-=cut

lib/PostText/Model/Moderator.pm

@@ -1,10 +1,9 @@
 package PostText::Model::Moderator;
 
 use Mojo::Base -base, -signatures;
-use Authen::Passphrase::BlowfishCrypt;
-use Data::Dumper;
 
 has 'pg';
+has 'authenticator';
 
 sub check_password($self, $email, $password) {
     my $moderator =
@@ -17,9 +16,8 @@ sub check_password($self, $email, $password) {
 
     return undef unless $moderator->{'id'};
 
-    return Authen::Passphrase::BlowfishCrypt
-        ->from_crypt($moderator->{'password_hash'})
-        ->match($password);
+    return $self->authenticator
+        ->verify_password($password, $moderator->{'password_hash'});
 }
 
 1;

migrations/9/down.sql

@@ -0,0 +1,3 @@
+ALTER TABLE moderators
+ALTER COLUMN password_hash
+ TYPE VARCHAR(64);

migrations/9/up.sql

@@ -0,0 +1,3 @@
+ALTER TABLE moderators
+ALTER COLUMN password_hash
+ TYPE TEXT;