Merge branch 'sha512-crypt' into 'develop'

detect and use sha512-crypt for stored password hash. See merge request pleroma/pleroma!1422
2019-07-15 16:13:17 +00:00 · 2019-07-15 16:13:17 +00:00 · ee5250ae56
commit ee5250ae56
parent 6aa5b39837 105f437ce9
4 changed files with 21 additions and 6 deletions
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@ -6,11 +6,11 @@ defmodule Pleroma.Web.CommonAPI.Utils do
  import Pleroma.Web.Gettext

  alias Calendar.Strftime
-  alias Comeonin.Pbkdf2
  alias Pleroma.Activity
  alias Pleroma.Config
  alias Pleroma.Formatter
  alias Pleroma.Object
+  alias Pleroma.Plugs.AuthenticationPlug
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.Utils
@ -388,7 +388,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do

  def confirm_current_password(user, password) do
    with %User{local: true} = db_user <- User.get_cached_by_id(user.id),
-         true <- Pbkdf2.checkpw(password, db_user.password_hash) do
+         true <- AuthenticationPlug.checkpw(password, db_user.password_hash) do
      {:ok, db_user}
    else
      _ -> {:error, dgettext("errors", "Invalid password.")}