detect and use sha512-crypt for stored password hash.

2019-07-14 09:48:42 -07:00 · 2019-07-14 09:48:42 -07:00 · f98f7ad1b9
commit f98f7ad1b9
parent cef4337f95
4 changed files with 19 additions and 6 deletions
--- a/lib/pleroma/plugs/authentication_plug.ex
+++ b/lib/pleroma/plugs/authentication_plug.ex
@ -6,11 +6,24 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
  alias Comeonin.Pbkdf2
  import Plug.Conn
  alias Pleroma.User
+  require Logger

  def init(options) do
    options
  end

+  def checkpw(password, password_hash) do
+    cond do
+      String.starts_with?(password_hash, "$pbkdf2") ->
+        Pbkdf2.checkpw(password, password_hash)
+      String.starts_with?(password_hash, "$6") ->
+        :crypt.crypt(password, password_hash) == password_hash
+      true ->
+        Logger.error("Password hash not recognized")
+        false
+    end
+  end
+
  def call(%{assigns: %{user: %User{}}} = conn, _), do: conn

  def call(