commit: 9de522ce5048bd72dd083a1661506b563be27cc1
parent c9b28eaf9a484fa1f2c27d00855c997575369782
Author: Mint <mint@plagu.ee>
Date: Sun, 8 Sep 2024 05:32:40 +0300
Authentication: convert argon2 passwords, add tests
Diffstat:
2 files changed, 31 insertions(+), 0 deletions(-)
diff --git a/lib/pleroma/web/plugs/authentication_plug.ex b/lib/pleroma/web/plugs/authentication_plug.ex
@@ -48,6 +48,7 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlug do
end
def checkpw(password, "$argon2" <> _ = password_hash) do
+ # Handle argon2 passwords for Akkoma migration
Argon2.verify_pass(password, password_hash)
end
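Review bot: The added comment sits inside the body of a one-expression clause, between the head and the `Argon2.verify_pass/2` call, where Elixir convention puts clause-level notes above the `def` line or in the function's `@doc`. The clause itself is pre-existing context, so the comment should also say what is actually new: argon2 hashes are accepted so that Akkoma-migrated accounts can log in, and are presumably re-hashed to pbkdf2 on a successful check by `maybe_update_password/2` (outside this hunk). Suggested wording, placed above the head: `# Accept argon2 hashes from Akkoma migrations; they are replaced by pbkdf2 after a successful login`.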
@@ -60,6 +61,10 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlug do
do_update_password(user, password)
end
+ def maybe_update_password(%User{password_hash: "$argon2" <> _} = user, password) do
+ do_update_password(user, password)
+ end
+
def maybe_update_password(user, _), do: {:ok, user}
defp do_update_password(user, password) do
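Review bot: The new `maybe_update_password/2` clause overwrites the stored hash with one derived from `password`, and nothing in the hunk states that `password` must already have been verified against the existing argon2 hash; that precondition presumably holds because the caller runs `checkpw/2` first, but it is the property that makes this rewrite safe and deserves to be written down. A comment above the clause would do: `# Re-hash Akkoma-migrated argon2 accounts to pbkdf2 on login; callers must have already verified password against the stored hash`. The head of the preceding clause (whose body ends at the `end` shown here) and the body of `do_update_password/2` lie outside the hunk.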
diff --git a/test/pleroma/web/plugs/authentication_plug_test.exs b/test/pleroma/web/plugs/authentication_plug_test.exs
@@ -70,6 +70,24 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlugTest do
assert "$pbkdf2" <> _ = user.password_hash
end
+ test "with an argon2 hash, it updates to a pkbdf2 hash", %{conn: conn} do
+ user = insert(:user, password_hash: Argon2.hash_pwd_salt("123"))
+ assert "$argon2" <> _ = user.password_hash
+
+ conn =
+ conn
+ |> assign(:auth_user, user)
+ |> assign(:auth_credentials, %{password: "123"})
+ |> AuthenticationPlug.call(%{})
+
+ assert conn.assigns.user.id == conn.assigns.auth_user.id
+ assert conn.assigns.token == nil
+ assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
+
+ user = User.get_by_id(user.id)
+ assert "$pbkdf2" <> _ = user.password_hash
+ end
+
describe "checkpw/2" do
test "check pbkdf2 hash" do
hash =
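Review bot: The new test checks only that the stored hash now starts with `$pbkdf2`, but never confirms that the re-hashed value still verifies the original password, so a migration that wrote a valid-looking but unusable pbkdf2 hash would pass. After the final prefix assertion add `assert AuthenticationPlug.checkpw("123", user.password_hash)`, and for symmetry `refute AuthenticationPlug.checkpw("wrong", user.password_hash)`. The test name also has a typo: `pkbdf2` should read `pbkdf2`.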
@@ -86,6 +104,14 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlugTest do
refute AuthenticationPlug.checkpw("password1", hash)
end
+ test "check argon2 hash" do
+ hash =
+ "$argon2id$v=19$m=65536,t=8,p=2$zEMMsTuK5KkL5AFWbX7jyQ$VyaQD7PF6e9btz0oH1YiAkWwIGZ7WNDZP8l+a/O171g"
+
+ assert AuthenticationPlug.checkpw("password", hash)
+ refute AuthenticationPlug.checkpw("password1", hash)
+ end
+
test "it returns false when hash invalid" do
hash =
"psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1"