# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Plugs.AuthenticationPlug do
alias Comeonin.Pbkdf2
- import Plug.Conn
+ alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.User
+
+ import Plug.Conn
+
require Logger
- def init(options) do
- options
- end
+ def init(options), do: options
- def checkpw(password, password_hash) do
- cond do
- String.starts_with?(password_hash, "$pbkdf2") ->
- Pbkdf2.checkpw(password, password_hash)
+ def checkpw(password, "$6" <> _ = password_hash) do
+ :crypt.crypt(password, password_hash) == password_hash
+ end
- String.starts_with?(password_hash, "$6") ->
- :crypt.crypt(password, password_hash) == password_hash
+ def checkpw(password, "$pbkdf2" <> _ = password_hash) do
+ Pbkdf2.checkpw(password, password_hash)
+ end
- true ->
- Logger.error("Password hash not recognized")
- false
- end
+ def checkpw(_password, _password_hash) do
+ Logger.error("Password hash not recognized")
+ false
end
def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
if Pbkdf2.checkpw(password, password_hash) do
conn
|> assign(:user, auth_user)
+ |> OAuthScopesPlug.skip_plug()
else
conn
end