Loading lib/Travelynx/Command/account.pm +8 −18 Original line number Diff line number Diff line Loading @@ -4,21 +4,12 @@ package Travelynx::Command::account; # # SPDX-License-Identifier: AGPL-3.0-or-later use Mojo::Base 'Mojolicious::Command'; use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64); use UUID::Tiny qw(:std); has description => 'Add or remove user accounts'; has usage => sub { shift->extract_usage }; sub hash_password { my ($password) = @_; my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 ); my $salt = en_base64( pack( 'C[16]', @salt_bytes ) ); return bcrypt( $password, '$2a$12$' . $salt ); } sub add_user { my ( $self, $name, $email ) = @_; Loading @@ -31,7 +22,6 @@ sub add_user { my $token = "tmp"; my $password = substr( create_uuid_as_string(UUID_V4), 0, 18 ); my $password_hash = hash_password($password); my $tx = $db->begin; my $user_id = $self->app->users->add( Loading @@ -39,7 +29,7 @@ sub add_user { name => $name, email => $email, token => $token, password_hash => $password_hash, password => $password, ); my $success = $self->app->users->verify_registration_token( db => $db, Loading lib/Travelynx/Controller/Account.pm +11 −23 Original line number Diff line number Diff line Loading @@ -5,7 +5,6 @@ package Travelynx::Controller::Account; # SPDX-License-Identifier: AGPL-3.0-or-later use Mojo::Base 'Mojolicious::Controller'; use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64); use JSON; use Mojo::Util qw(xml_escape); use Text::Markdown; Loading @@ -29,14 +28,6 @@ my %visibility_atoi = ( # Internal Helpers sub hash_password { my ($password) = @_; my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 ); my $salt = en_base64( pack( 'C[16]', @salt_bytes ) ); return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt ); } sub make_token { return create_uuid_as_string(UUID_V4); } Loading Loading 
@@ -363,7 +354,6 @@ sub register { } my $token = make_token(); my $pw_hash = hash_password($password); my $db = $self->pg->db; my $tx = $db->begin; my $user_id = $self->users->add( Loading @@ -371,7 +361,7 @@ sub register { name => $user, email => $email, token => $token, password_hash => $pw_hash password => $password, ); my $success = $self->send_registration_mail( Loading Loading @@ -1074,10 +1064,9 @@ sub change_password { return; } my $pw_hash = hash_password($password); $self->users->set_password_hash( $self->users->set_password( uid => $self->current_user->{id}, password_hash => $pw_hash password => $password ); $self->flash( success => 'password' ); Loading Loading @@ -1178,10 +1167,9 @@ sub request_password_reset { return; } my $pw_hash = hash_password($password); $self->users->set_password_hash( $self->users->set_password( uid => $id, password_hash => $pw_hash password => $password ); my $account = $self->get_user_data($id); Loading lib/Travelynx/Model/Users.pm +12 −3 Original line number Diff line number Diff line Loading @@ -8,6 +8,7 @@ use strict; use warnings; use 5.020; use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64); use DateTime; use JSON; Loading Loading @@ -61,6 +62,14 @@ sub new { return bless( \%opt, $class ); } sub hash_password { my ( $self, $password ) = @_; my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 ); my $salt = en_base64( pack( 'C[16]', @salt_bytes ) ); return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt ); } sub get_token_id { my ( $self, $type ) = @_; Loading Loading @@ -471,7 +480,7 @@ sub add { my $user_name = $opt{name}; my $email = $opt{email}; my $token = $opt{token}; my $password = $opt{password_hash}; my $password = $self->hash_password( $opt{password} ); # This helper must be called during a transaction, as user creation # may fail even after the database entry has been generated, e.g. if Loading Loading 
@@ -577,11 +586,11 @@ sub delete { return \%res; } sub set_password_hash { sub set_password { my ( $self, %opt ) = @_; my $db = $opt{db} // $self->{pg}->db; my $uid = $opt{uid}; my $password = $opt{password_hash}; my $password = $self->hash_password( $opt{password} ); $db->update( 'users', { password => $password }, { id => $uid } ); } Loading t/22-visibility.t +12 −21 Original line number Diff line number Diff line Loading @@ -11,7 +11,6 @@ use Mojo::Base -strict; use Test::More; use Test::Mojo; use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64); use DateTime; use Travel::Status::DE::IRIS::Result; Loading Loading @@ -41,14 +40,6 @@ $t->app->start( 'database', 'migrate' ); my $u = $t->app->users; sub hash_password { my ($password) = @_; my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 ); my $salt = en_base64( pack( 'C[16]', @salt_bytes ) ); return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt ); } sub login { my %opt = @_; my $csrf_token Loading Loading @@ -205,21 +196,21 @@ my $uid1 = $u->add( name => 'test1', email => 'test1@example.org', token => 'abcd', password_hash => hash_password('password1'), password => 'password1', ); my $uid2 = $u->add( name => 'test2', email => 'test2@example.org', token => 'efgh', password_hash => hash_password('password2'), password => 'password2', ); my $uid3 = $u->add( name => 'test3', email => 'test3@example.org', token => 'ijkl', password_hash => hash_password('password3'), password => 'password3', ); $u->verify_registration_token( Loading Loading
lib/Travelynx/Command/account.pm +8 −18 Original line number Diff line number Diff line Loading @@ -4,21 +4,12 @@ package Travelynx::Command::account; # # SPDX-License-Identifier: AGPL-3.0-or-later use Mojo::Base 'Mojolicious::Command'; use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64); use UUID::Tiny qw(:std); has description => 'Add or remove user accounts'; has usage => sub { shift->extract_usage }; sub hash_password { my ($password) = @_; my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 ); my $salt = en_base64( pack( 'C[16]', @salt_bytes ) ); return bcrypt( $password, '$2a$12$' . $salt ); } sub add_user { my ( $self, $name, $email ) = @_; Loading @@ -31,7 +22,6 @@ sub add_user { my $token = "tmp"; my $password = substr( create_uuid_as_string(UUID_V4), 0, 18 ); my $password_hash = hash_password($password); my $tx = $db->begin; my $user_id = $self->app->users->add( Loading @@ -39,7 +29,7 @@ sub add_user { name => $name, email => $email, token => $token, password_hash => $password_hash, password => $password, ); my $success = $self->app->users->verify_registration_token( db => $db, Loading
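Review bot: The initial password in `add_user` is still `substr( create_uuid_as_string(UUID_V4), 0, 18 )`, and those 18 characters include two hyphens and the fixed version digit, so only 15 of them are random hex (about 60 bits). UUID::Tiny's v4 generator is, as far as I recall, built on Perl's `rand()` rather than a CSPRNG, which should be confirmed against its documentation. Since this commit already touches how the password reaches the model, consider deriving the password from the OS random source instead, for example by hex-encoding 16 octets read from `/dev/urandom`, and adding a comment such as `# initial password: must come from a CSPRNG, shown to the operator once`. `add_user` begins and ends outside the visible hunks, so how the password is displayed afterwards cannot be checked from here.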
lib/Travelynx/Controller/Account.pm +11 −23 Original line number Diff line number Diff line Loading @@ -5,7 +5,6 @@ package Travelynx::Controller::Account; # SPDX-License-Identifier: AGPL-3.0-or-later use Mojo::Base 'Mojolicious::Controller'; use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64); use JSON; use Mojo::Util qw(xml_escape); use Text::Markdown; Loading @@ -29,14 +28,6 @@ my %visibility_atoi = ( # Internal Helpers sub hash_password { my ($password) = @_; my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 ); my $salt = en_base64( pack( 'C[16]', @salt_bytes ) ); return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt ); } sub make_token { return create_uuid_as_string(UUID_V4); } Loading Loading @@ -363,7 +354,6 @@ sub register { } my $token = make_token(); my $pw_hash = hash_password($password); my $db = $self->pg->db; my $tx = $db->begin; my $user_id = $self->users->add( Loading @@ -371,7 +361,7 @@ sub register { name => $user, email => $email, token => $token, password_hash => $pw_hash password => $password, ); my $success = $self->send_registration_mail( Loading Loading @@ -1074,10 +1064,9 @@ sub change_password { return; } my $pw_hash = hash_password($password); $self->users->set_password_hash( $self->users->set_password( uid => $self->current_user->{id}, password_hash => $pw_hash password => $password ); $self->flash( success => 'password' ); Loading Loading @@ -1178,10 +1167,9 @@ sub request_password_reset { return; } my $pw_hash = hash_password($password); $self->users->set_password_hash( $self->users->set_password( uid => $id, password_hash => $pw_hash password => $password ); my $account = $self->get_user_data($id); Loading
lib/Travelynx/Model/Users.pm +12 −3 Original line number Diff line number Diff line Loading @@ -8,6 +8,7 @@ use strict; use warnings; use 5.020; use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64); use DateTime; use JSON; Loading Loading @@ -61,6 +62,14 @@ sub new { return bless( \%opt, $class ); } sub hash_password { my ( $self, $password ) = @_; my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 ); my $salt = en_base64( pack( 'C[16]', @salt_bytes ) ); return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt ); } sub get_token_id { my ( $self, $type ) = @_; Loading Loading @@ -471,7 +480,7 @@ sub add { my $user_name = $opt{name}; my $email = $opt{email}; my $token = $opt{token}; my $password = $opt{password_hash}; my $password = $self->hash_password( $opt{password} ); # This helper must be called during a transaction, as user creation # may fail even after the database entry has been generated, e.g. if Loading Loading @@ -577,11 +586,11 @@ sub delete { return \%res; } sub set_password_hash { sub set_password { my ( $self, %opt ) = @_; my $db = $opt{db} // $self->{pg}->db; my $uid = $opt{uid}; my $password = $opt{password_hash}; my $password = $self->hash_password( $opt{password} ); $db->update( 'users', { password => $password }, { id => $uid } ); } Loading
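Review bot: `hash_password` accepts an undefined password, because `add` and `set_password` now pass `$opt{password}` straight in. A caller that still sends the old `password_hash` key therefore reaches `substr( undef, 0, 10000 )`, which yields an empty string plus a warning, and the account is stored with the bcrypt hash of an empty password. The helper should die on an undefined or empty value before hashing. Separately, the salt still comes from `rand()`, which is not a CSPRNG and, with `int( rand(255) ) + 1`, never produces a zero octet; reading the 16 salt octets from the OS random source keeps salts unique even if forked workers happen to share `rand()` state. The sketch below shows both changes and keeps the 10000-character cap as is.

```perl
sub hash_password {
    my ( $self, $password ) = @_;

    # A missing password must never be hashed as an empty string.
    if ( not defined $password or not length $password ) {
        die "hash_password: password must not be empty\n";
    }

    # Salt octets come from the OS random source instead of rand().
    open( my $urandom, '<:raw', '/dev/urandom' )
      or die "hash_password: cannot open /dev/urandom: $!\n";
    my $got = read( $urandom, my $salt_octets, 16 );
    close($urandom);
    if ( not defined $got or $got != 16 ) {
        die "hash_password: short read from /dev/urandom\n";
    }
    my $salt = en_base64($salt_octets);

    return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt );
}
```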
t/22-visibility.t +12 −21 Original line number Diff line number Diff line Loading @@ -11,7 +11,6 @@ use Mojo::Base -strict; use Test::More; use Test::Mojo; use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64); use DateTime; use Travel::Status::DE::IRIS::Result; Loading Loading @@ -41,14 +40,6 @@ $t->app->start( 'database', 'migrate' ); my $u = $t->app->users; sub hash_password { my ($password) = @_; my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 ); my $salt = en_base64( pack( 'C[16]', @salt_bytes ) ); return bcrypt( substr( $password, 0, 10000 ), '$2a$12$' . $salt ); } sub login { my %opt = @_; my $csrf_token Loading Loading @@ -205,21 +196,21 @@ my $uid1 = $u->add( name => 'test1', email => 'test1@example.org', token => 'abcd', password_hash => hash_password('password1'), password => 'password1', ); my $uid2 = $u->add( name => 'test2', email => 'test2@example.org', token => 'efgh', password_hash => hash_password('password2'), password => 'password2', ); my $uid3 = $u->add( name => 'test3', email => 'test3@example.org', token => 'ijkl', password_hash => hash_password('password3'), password => 'password3', ); $u->verify_registration_token( Loading