diff options
| author | rinpatch <rinpatch@sdf.org> | 2020-05-18 07:57:13 +0000 |
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2020-05-18 07:57:13 +0000 |
| commit | 1199cf3a788334cd3fdb968d9f736e43c1401da1 (patch) | |
| tree | 61fc3e5a4a941a1e5e4b39b3e8009d6cbe6cf00b /lib | |
| parent | b0ccdb5af4baa119b336298d38f34746cdce0111 (diff) | |
| parent | 8bfd9710ae70204b29e184f08d78b95a2f81ad6c (diff) | |
| download | pleroma-1199cf3a788334cd3fdb968d9f736e43c1401da1.tar.gz | |
Merge branch '1763-password-updates' into 'develop'
Authentication Plug: Update bcrypt password on login.
Closes #1763
See merge request pleroma/pleroma!2542
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/plugs/authentication_plug.ex | 21 | ||||
| -rw-r--r-- | lib/pleroma/web/auth/pleroma_authenticator.ex | 3 |
2 files changed, 23 insertions, 1 deletions
diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index 2cdf6c951..057ea42f1 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -30,6 +30,25 @@ defmodule Pleroma.Plugs.AuthenticationPlug do false end + def maybe_update_password(%User{password_hash: "$2" <> _} = user, password) do + do_update_password(user, password) + end + + def maybe_update_password(%User{password_hash: "$6" <> _} = user, password) do + do_update_password(user, password) + end + + def maybe_update_password(user, _), do: {:ok, user} + + defp do_update_password(user, password) do + user + |> User.password_update_changeset(%{ + "password" => password, + "password_confirmation" => password + }) + |> Pleroma.Repo.update() + end + def call(%{assigns: %{user: %User{}}} = conn, _), do: conn def call( @@ -42,6 +61,8 @@ defmodule Pleroma.Plugs.AuthenticationPlug do _ ) do if checkpw(password, password_hash) do + {:ok, auth_user} = maybe_update_password(auth_user, password) + conn |> assign(:user, auth_user) |> OAuthScopesPlug.skip_plug() diff --git a/lib/pleroma/web/auth/pleroma_authenticator.ex b/lib/pleroma/web/auth/pleroma_authenticator.ex index a8f554aa3..200ca03dc 100644 --- a/lib/pleroma/web/auth/pleroma_authenticator.ex +++ b/lib/pleroma/web/auth/pleroma_authenticator.ex @@ -16,7 +16,8 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticator do def get_user(%Plug.Conn{} = conn) do with {:ok, {name, password}} <- fetch_credentials(conn), {_, %User{} = user} <- {:user, fetch_user(name)}, - {_, true} <- {:checkpw, AuthenticationPlug.checkpw(password, user.password_hash)} do + {_, true} <- {:checkpw, AuthenticationPlug.checkpw(password, user.password_hash)}, + {:ok, user} <- AuthenticationPlug.maybe_update_password(user, password) do {:ok, user} else {:error, _reason} = error -> error |