1 defmodule Pleroma.Password do
3 This module handles password hashing and verification.
4 It will delegate to the appropriate module based on the password hash.
5 It also handles upgrading of password hashes.
9 alias Pleroma.Password.Pbkdf2
12 @hashing_module Argon2
14 @spec hash_pwd_salt(String.t()) :: String.t()
15 defdelegate hash_pwd_salt(pass), to: @hashing_module
17 @spec checkpw(String.t(), String.t()) :: boolean()
18 def checkpw(password, "$2" <> _ = password_hash) do
19 # Handle bcrypt passwords for Mastodon migration
20 Bcrypt.verify_pass(password, password_hash)
23 def checkpw(password, "$pbkdf2" <> _ = password_hash) do
24 Pbkdf2.verify_pass(password, password_hash)
27 def checkpw(password, "$argon2" <> _ = password_hash) do
28 Argon2.verify_pass(password, password_hash)
31 def checkpw(_password, _password_hash) do
32 Logger.error("Password hash not recognized")
36 @spec maybe_update_password(User.t(), String.t()) ::
37 {:ok, User.t()} | {:error, Ecto.Changeset.t()}
38 def maybe_update_password(%User{password_hash: "$2" <> _} = user, password) do
39 do_update_password(user, password)
42 def maybe_update_password(%User{password_hash: "$6" <> _} = user, password) do
43 do_update_password(user, password)
46 def maybe_update_password(%User{password_hash: "$pbkdf2" <> _} = user, password) do
47 do_update_password(user, password)
50 def maybe_update_password(user, _), do: {:ok, user}
52 defp do_update_password(user, password) do
53 User.reset_password(user, %{password: password, password_confirmation: password})