diff options
author | Ivan Kohler <ivan@freeside.biz> | 2013-05-09 01:42:39 -0700 |
---|---|---|
committer | Ivan Kohler <ivan@freeside.biz> | 2013-05-09 01:42:39 -0700 |
commit | 120718856665ca90ad852535d1155f8ea8ecb6b6 (patch) | |
tree | 2ac0472c1fd67ecc843619597f1cca7d8f774204 /FS/FS/Auth/internal.pm | |
parent | d8843f184a7f6ee87eec99724f2d6430c1df34ea (diff) |
NG auth: pw changes, RT#21563
Diffstat (limited to 'FS/FS/Auth/internal.pm')
-rw-r--r-- | FS/FS/Auth/internal.pm | 57 |
1 files changed, 44 insertions, 13 deletions
diff --git a/FS/FS/Auth/internal.pm b/FS/FS/Auth/internal.pm index 5d9170e..bb116ce 100644 --- a/FS/FS/Auth/internal.pm +++ b/FS/FS/Auth/internal.pm @@ -2,29 +2,32 @@ package FS::Auth::internal; #use base qw( FS::Auth ); use strict; -use Crypt::Eksblowfish::Bcrypt qw(bcrypt_hash); +use Crypt::Eksblowfish::Bcrypt qw(bcrypt_hash en_base64 de_base64); use FS::Record qw( qsearchs ); use FS::access_user; sub authenticate { my($self, $username, $check_password ) = @_; - my $access_user = qsearchs('access_user', { 'username' => $username, - 'disabled' => '', - } - ) + my $access_user = + ref($username) ? $username + : qsearchs('access_user', { 'username' => $username, + 'disabled' => '', + } + ) or return 0; if ( $access_user->_password_encoding eq 'bcrypt' ) { my( $cost, $salt, $hash ) = split(',', $access_user->_password); - my $check_hash = bcrypt_hash( { key_nul => 1, - cost => $cost, - salt => $salt, - }, - $check_password - ); + my $check_hash = en_base64( bcrypt_hash( { key_nul => 1, + cost => $cost, + salt => de_base64($salt), + }, + $check_password + ) + ); $hash eq $check_hash; @@ -39,7 +42,35 @@ sub authenticate { } -#sub change_password { -#} +sub change_password { + my($self, $access_user, $new_password) = @_; + + $self->change_password_fields( $access_user, $new_password ); + + $access_user->replace; + +} + +sub change_password_fields { + my($self, $access_user, $new_password) = @_; + + $access_user->_password_encoding('bcrypt'); + + my $cost = 8; + + my $salt = pack( 'C*', map int(rand(256)), 1..16 ); + + my $hash = bcrypt_hash( { key_nul => 1, + cost => $cost, + salt => $salt, + }, + $new_password, + ); + + $access_user->_password( + join(',', $cost, en_base64($salt), en_base64($hash) ) + ); + +} 1; |