diff options
| author | Ivan Tashkinov <ivantashkinov@gmail.com> | 2020-10-17 13:12:39 +0300 |
|---|---|---|
| committer | Ivan Tashkinov <ivantashkinov@gmail.com> | 2020-10-17 13:12:39 +0300 |
| commit | 049ece1ef38f1aeb656a88ed1d15bf3d4a364e01 (patch) | |
| tree | 16d4a05e533685e8b8385f886e58addb05a90d7d /lib/pleroma/web/plugs/authentication_plug.ex | |
| parent | 2498e569f12694439b6f99d0730f6fb36301c454 (diff) | |
| parent | 023f726d7f497705d766adee8874b94efb08a0aa (diff) | |
| download | pleroma-049ece1ef38f1aeb656a88ed1d15bf3d4a364e01.tar.gz | |
Merge remote-tracking branch 'remotes/origin/develop' into ostatus-controller-no-auth-check-on-non-federating-instances
# Conflicts:
# lib/pleroma/web/feed/user_controller.ex
# lib/pleroma/web/o_status/o_status_controller.ex
# lib/pleroma/web/router.ex
# lib/pleroma/web/static_fe/static_fe_controller.ex
Diffstat (limited to 'lib/pleroma/web/plugs/authentication_plug.ex')
| -rw-r--r-- | lib/pleroma/web/plugs/authentication_plug.ex | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/lib/pleroma/web/plugs/authentication_plug.ex b/lib/pleroma/web/plugs/authentication_plug.ex new file mode 100644 index 000000000..e2a8b1b69 --- /dev/null +++ b/lib/pleroma/web/plugs/authentication_plug.ex @@ -0,0 +1,79 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.Plugs.AuthenticationPlug do + alias Pleroma.User + + import Plug.Conn + + require Logger + + def init(options), do: options + + def checkpw(password, "$6" <> _ = password_hash) do + :crypt.crypt(password, password_hash) == password_hash + end + + def checkpw(password, "$2" <> _ = password_hash) do + # Handle bcrypt passwords for Mastodon migration + Bcrypt.verify_pass(password, password_hash) + end + + def checkpw(password, "$pbkdf2" <> _ = password_hash) do + Pbkdf2.verify_pass(password, password_hash) + end + + def checkpw(_password, _password_hash) do + Logger.error("Password hash not recognized") + false + end + + def maybe_update_password(%User{password_hash: "$2" <> _} = user, password) do + do_update_password(user, password) + end + + def maybe_update_password(%User{password_hash: "$6" <> _} = user, password) do + do_update_password(user, password) + end + + def maybe_update_password(user, _), do: {:ok, user} + + defp do_update_password(user, password) do + user + |> User.password_update_changeset(%{ + "password" => password, + "password_confirmation" => password + }) + |> Pleroma.Repo.update() + end + + def call(%{assigns: %{user: %User{}}} = conn, _), do: conn + + def call( + %{ + assigns: %{ + auth_user: %{password_hash: password_hash} = auth_user, + auth_credentials: %{password: password} + } + } = conn, + _ + ) do + if checkpw(password, password_hash) do + {:ok, auth_user} = maybe_update_password(auth_user, password) + + conn + |> assign(:user, auth_user) + |> Pleroma.Web.Plugs.OAuthScopesPlug.skip_plug() + else + conn + end + end + + def call(%{assigns: %{auth_credentials: %{password: _}}} = conn, _) do + Pbkdf2.no_user_verify() + conn + end + + def call(conn, _), do: conn +end |