X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;ds=inline;f=lib%2Fpleroma%2Fplugs%2Fauthentication_plug.ex;h=2cdf6c9511f986b44c0266a19012a38ba76c0ca2;hb=5633637862250f1f2613cd02b35b5e3716b8e521;hp=567674a0b1d5953804050429f9ccbe8a60395563;hpb=36049f08efadb5f6f727753ecc1f7be6a5b4e3d8;p=akkoma
diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex
index 567674a0b..2cdf6c951 100644
--- a/lib/pleroma/plugs/authentication_plug.ex
+++ b/lib/pleroma/plugs/authentication_plug.ex
@@ -1,11 +1,13 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors
+# Copyright © 2017-2020 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Plugs.AuthenticationPlug do
- alias Comeonin.Pbkdf2
- import Plug.Conn
+ alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.User
+
+ import Plug.Conn
+
require Logger
def init(options), do: options
@@ -14,8 +16,13 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
:crypt.crypt(password, password_hash) == password_hash
end
+ def checkpw(password, "$2" <> _ = password_hash) do
+ # Handle bcrypt passwords for Mastodon migration
+ Bcrypt.verify_pass(password, password_hash)
+ end
+
def checkpw(password, "$pbkdf2" <> _ = password_hash) do
- Pbkdf2.checkpw(password, password_hash)
+ Pbkdf2.verify_pass(password, password_hash)
end
def checkpw(_password, _password_hash) do
@@ -34,16 +41,17 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
} = conn,
_
) do
- if Pbkdf2.checkpw(password, password_hash) do
+ if checkpw(password, password_hash) do
conn
|> assign(:user, auth_user)
+ |> OAuthScopesPlug.skip_plug()
else
conn
end
end
def call(%{assigns: %{auth_credentials: %{password: _}}} = conn, _) do
- Pbkdf2.dummy_checkpw()
+ Pbkdf2.no_user_verify()
conn
end