1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.Plugs.AuthenticationPlug do
6 @moduledoc "Password authentication plug."
8 alias Pleroma.Helpers.AuthHelper
10 alias Pleroma.Password
16 def init(options), do: options
18 def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
23 auth_user: %{password_hash: password_hash} = auth_user,
24 auth_credentials: %{password: password}
29 if Password.checkpw(password, password_hash) do
30 {:ok, auth_user} = Password.maybe_update_password(auth_user, password)
33 |> assign(:user, auth_user)
34 |> AuthHelper.skip_oauth()
40 def call(conn, _), do: conn
42 @spec checkpw(String.t(), String.t()) :: boolean
43 defdelegate checkpw(password, hash), to: Password