1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
package FS::Auth::internal;
#use base qw( FS::Auth );
use strict;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt_hash en_base64 de_base64);
use FS::Record qw( qsearchs );
use FS::access_user;
sub authenticate {
my($self, $username, $check_password ) = @_;
my $access_user =
ref($username) ? $username
: qsearchs('access_user', { 'username' => $username,
'disabled' => '',
}
)
or return 0;
if ( $access_user->_password_encoding eq 'bcrypt' ) {
my( $cost, $salt, $hash ) = split(',', $access_user->_password);
my $check_hash = en_base64( bcrypt_hash( { key_nul => 1,
cost => $cost,
salt => de_base64($salt),
},
$check_password
)
);
$hash eq $check_hash;
} else {
return 0 if $access_user->_password eq 'notyet'
|| $access_user->_password eq '';
$access_user->_password eq $check_password;
}
}
sub autocreate { 0; }
sub change_password {
my($self, $access_user, $new_password) = @_;
# do nothing if the password is unchanged
return if $self->authenticate( $access_user, $new_password );
$self->change_password_fields( $access_user, $new_password );
$access_user->replace;
}
sub change_password_fields {
my($self, $access_user, $new_password) = @_;
$access_user->_password_encoding('bcrypt');
my $cost = 8;
my $salt = pack( 'C*', map int(rand(256)), 1..16 );
my $hash = bcrypt_hash( { key_nul => 1,
cost => $cost,
salt => $salt,
},
$new_password,
);
$access_user->_password(
join(',', $cost, en_base64($salt), en_base64($hash) )
);
}
1;
|