Upgrade Comeonin to v5

https://github.com/riverrun/comeonin/blob/master/UPGRADE_v5.md
2020-05-12 16:42:24 -05:00 · 2020-05-12 16:42:24 -05:00 · b46811a074
commit b46811a074
parent c74018e6a7
22 changed files with 37 additions and 45 deletions
--- a/lib/pleroma/bbs/authenticator.ex
+++ b/lib/pleroma/bbs/authenticator.ex
@ -4,7 +4,6 @@

 defmodule Pleroma.BBS.Authenticator do
  use Sshd.PasswordAuthenticator
-  alias Comeonin.Pbkdf2
  alias Pleroma.User

  def authenticate(username, password) do
@ -12,7 +11,7 @@ defmodule Pleroma.BBS.Authenticator do
    password = to_string(password)

    with %User{} = user <- User.get_by_nickname(username) do
-      Pbkdf2.checkpw(password, user.password_hash)
+      Pbkdf2.verify_pass(password, user.password_hash)
    else
      _e -> false
    end
--- a/lib/pleroma/mfa.ex
+++ b/lib/pleroma/mfa.ex
@ -7,7 +7,6 @@ defmodule Pleroma.MFA do
  The MFA context.
  """

-  alias Comeonin.Pbkdf2
  alias Pleroma.User

  alias Pleroma.MFA.BackupCodes
@ -72,7 +71,7 @@ defmodule Pleroma.MFA do
  @spec generate_backup_codes(User.t()) :: {:ok, list(binary)} | {:error, String.t()}
  def generate_backup_codes(%User{} = user) do
    with codes <- BackupCodes.generate(),
-         hashed_codes <- Enum.map(codes, &Pbkdf2.hashpwsalt/1),
+         hashed_codes <- Enum.map(codes, &Pbkdf2.hash_pwd_salt/1),
         changeset <- Changeset.cast_backup_codes(user, hashed_codes),
         {:ok, _} <- User.update_and_set_cache(changeset) do
      {:ok, codes}
--- a/lib/pleroma/plugs/authentication_plug.ex
+++ b/lib/pleroma/plugs/authentication_plug.ex
@ -3,7 +3,6 @@
 # SPDX-License-Identifier: AGPL-3.0-only

 defmodule Pleroma.Plugs.AuthenticationPlug do
-  alias Comeonin.Pbkdf2
  alias Pleroma.Plugs.OAuthScopesPlug
  alias Pleroma.User

@ -18,7 +17,7 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
  end

  def checkpw(password, "$pbkdf2" <> _ = password_hash) do
-    Pbkdf2.checkpw(password, password_hash)
+    Pbkdf2.verify_pass(password, password_hash)
  end

  def checkpw(_password, _password_hash) do
@ -37,7 +36,7 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
        } = conn,
        _
      ) do
-    if Pbkdf2.checkpw(password, password_hash) do
+    if Pbkdf2.verify_pass(password, password_hash) do
      conn
      |> assign(:user, auth_user)
      |> OAuthScopesPlug.skip_plug()
@ -47,7 +46,7 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
  end

  def call(%{assigns: %{auth_credentials: %{password: _}}} = conn, _) do
-    Pbkdf2.dummy_checkpw()
+    Pbkdf2.no_user_verify()
    conn
  end

--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@ -9,7 +9,6 @@ defmodule Pleroma.User do
  import Ecto.Query
  import Ecto, only: [assoc: 2]

-  alias Comeonin.Pbkdf2
  alias Ecto.Multi
  alias Pleroma.Activity
  alias Pleroma.Config
@ -1926,7 +1925,7 @@ defmodule Pleroma.User do
  defp put_password_hash(
         %Ecto.Changeset{valid?: true, changes: %{password: password}} = changeset
       ) do
-    change(changeset, password_hash: Pbkdf2.hashpwsalt(password))
+    change(changeset, password_hash: Pbkdf2.hash_pwd_salt(password))
  end

  defp put_password_hash(changeset), do: changeset
--- a/lib/pleroma/web/auth/totp_authenticator.ex
+++ b/lib/pleroma/web/auth/totp_authenticator.ex
@ -3,7 +3,6 @@
 # SPDX-License-Identifier: AGPL-3.0-only

 defmodule Pleroma.Web.Auth.TOTPAuthenticator do
-  alias Comeonin.Pbkdf2
  alias Pleroma.MFA
  alias Pleroma.MFA.TOTP
  alias Pleroma.User
@ -31,7 +30,7 @@ defmodule Pleroma.Web.Auth.TOTPAuthenticator do
        code
      )
      when is_list(codes) and is_binary(code) do
-    hash_code = Enum.find(codes, fn hash -> Pbkdf2.checkpw(code, hash) end)
+    hash_code = Enum.find(codes, fn hash -> Pbkdf2.verify_pass(code, hash) end)

    if hash_code do
      MFA.invalidate_backup_code(user, hash_code)
--- a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
+++ b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
@ -5,7 +5,6 @@
 defmodule Pleroma.Web.MongooseIM.MongooseIMController do
  use Pleroma.Web, :controller

-  alias Comeonin.Pbkdf2
  alias Pleroma.Plugs.RateLimiter
  alias Pleroma.Repo
  alias Pleroma.User
@ -28,7 +27,7 @@ defmodule Pleroma.Web.MongooseIM.MongooseIMController do
  def check_password(conn, %{"user" => username, "pass" => password}) do
    with %User{password_hash: password_hash, deactivated: false} <-
           Repo.get_by(User, nickname: username, local: true),
-         true <- Pbkdf2.checkpw(password, password_hash) do
+         true <- Pbkdf2.verify_pass(password, password_hash) do
      conn
      |> json(true)
    else