Pbkdf2.verify_pass --> AuthenticationPlug.checkpw

diff --git a/lib/pleroma/bbs/authenticator.ex b/lib/pleroma/bbs/authenticator.ex
index d4494b00304bb25aec03af26b21109cb8bbfab21..815de70020e6cf519fe9c08b06c8557a3e74d68f 100644 (file)
--- a/lib/pleroma/bbs/authenticator.ex
+++ b/lib/pleroma/bbs/authenticator.ex
@@ -4,6 +4,7 @@
 
 defmodule Pleroma.BBS.Authenticator do
   use Sshd.PasswordAuthenticator
+  alias Pleroma.Plugs.AuthenticationPlug
   alias Pleroma.User
 
   def authenticate(username, password) do
@@ -11,7 +12,7 @@ defmodule Pleroma.BBS.Authenticator do
     password = to_string(password)
 
     with %User{} = user <- User.get_by_nickname(username) do
-      Pbkdf2.verify_pass(password, user.password_hash)
+      AuthenticationPlug.checkpw(password, user.password_hash)
     else
       _e -> false
     end

diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex
index 1994b807e80d01c5fbee112ad16e2d2f775ca5fd..2cdf6c9511f986b44c0266a19012a38ba76c0ca2 100644 (file)
--- a/lib/pleroma/plugs/authentication_plug.ex
+++ b/lib/pleroma/plugs/authentication_plug.ex
@@ -41,7 +41,7 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
         } = conn,
         _
       ) do
-    if Pbkdf2.verify_pass(password, password_hash) do
+    if checkpw(password, password_hash) do
       conn
       |> assign(:user, auth_user)
       |> OAuthScopesPlug.skip_plug()

diff --git a/lib/pleroma/web/auth/totp_authenticator.ex b/lib/pleroma/web/auth/totp_authenticator.ex
index 04e489c8398fe14ec33aae4e64772b169c1a41d9..ce8a76219f3d48e940ba83474abcd48baa7894f0 100644 (file)
--- a/lib/pleroma/web/auth/totp_authenticator.ex
+++ b/lib/pleroma/web/auth/totp_authenticator.ex
@@ -5,6 +5,7 @@
 defmodule Pleroma.Web.Auth.TOTPAuthenticator do
   alias Pleroma.MFA
   alias Pleroma.MFA.TOTP
+  alias Pleroma.Plugs.AuthenticationPlug
   alias Pleroma.User
 
   @doc "Verify code or check backup code."
@@ -30,7 +31,7 @@ defmodule Pleroma.Web.Auth.TOTPAuthenticator do
         code
       )
       when is_list(codes) and is_binary(code) do
-    hash_code = Enum.find(codes, fn hash -> Pbkdf2.verify_pass(code, hash) end)
+    hash_code = Enum.find(codes, fn hash -> AuthenticationPlug.checkpw(code, hash) end)
 
     if hash_code do
       MFA.invalidate_backup_code(user, hash_code)

diff --git a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
index 0814b3bc34f43a7d91a05c2848562b41037c2b54..6cbbe8fd8dbb7ea1f879f4686a4a955f7671073e 100644 (file)
--- a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
+++ b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
@@ -5,6 +5,7 @@
 defmodule Pleroma.Web.MongooseIM.MongooseIMController do
   use Pleroma.Web, :controller
 
+  alias Pleroma.Plugs.AuthenticationPlug
   alias Pleroma.Plugs.RateLimiter
   alias Pleroma.Repo
   alias Pleroma.User
@@ -27,7 +28,7 @@ defmodule Pleroma.Web.MongooseIM.MongooseIMController do
   def check_password(conn, %{"user" => username, "pass" => password}) do
     with %User{password_hash: password_hash, deactivated: false} <-
            Repo.get_by(User, nickname: username, local: true),
-         true <- Pbkdf2.verify_pass(password, password_hash) do
+         true <- AuthenticationPlug.checkpw(password, password_hash) do
       conn
       |> json(true)
     else