contacts can be shared among customers / "duplicate contact emails", RT#27943
1 package FS::Auth::internal;
2 #use base qw( FS::Auth );
3
4 use strict;
5 use Crypt::Eksblowfish::Bcrypt qw(bcrypt_hash en_base64 de_base64);
6 use FS::Record qw( qsearchs );
7 use FS::access_user;
8
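# Compare two strings without stopping at the first differing character, so
# the time taken does not depend on how long a matching prefix is.  Pure Perl
# cannot promise strictly constant time; this only removes the early exit that
# a plain "eq" has.  The length test still reveals whether the lengths match.
# Returns 1 when both arguments are defined and identical, 0 otherwise.
sub _secure_eq {
  my( $left, $right ) = @_;

  return 0 unless defined($left) && defined($right);
  return 0 unless length($left) == length($right);

  my $diff = 0;
  $diff |= ord( substr($left, $_, 1) ) ^ ord( substr($right, $_, 1) )
    foreach 0 .. length($left) - 1;

  $diff == 0 ? 1 : 0;
}

# Check a submitted password against an access_user record.
#
# $username is either a username string, looked up among records whose
# "disabled" field is empty, or an already-loaded access_user object.
# $check_password is the password supplied by the person logging in.
#
# Returns true when the password matches and false otherwise.  A missing
# account, an undefined password, an unset ('notyet' or empty) stored password
# and a malformed bcrypt record all fail closed.
sub authenticate {
  my($self, $username, $check_password ) = @_;

  # NOTE(review): an object passed in by the caller bypasses the
  # disabled => '' filter used for the username lookup -- confirm that callers
  # only hand in accounts that are still enabled.
  # NOTE(review): an unknown username returns here before any bcrypt work is
  # done, so response time may distinguish existing accounts; rate limiting
  # at the login layer is the usual mitigation.
  my $access_user =
    ref($username) ? $username
                   : qsearchs('access_user', { 'username' => $username,
                                               'disabled' => '',
                                             }
                             )
    or return 0;

  # No password supplied: never a match, and never handed to bcrypt_hash.
  return 0 unless defined($check_password);

  my $encoding = $access_user->_password_encoding;
  my $stored   = $access_user->_password;
  $stored = '' unless defined($stored);

  if ( defined($encoding) && $encoding eq 'bcrypt' ) {

    # Stored as "cost,base64(salt),base64(hash)"; see change_password_fields.
    my( $cost, $salt, $hash ) = split(',', $stored);

    # Reject a truncated or corrupted record here instead of passing
    # undefined or non-base64 values into the bcrypt routines.
    return 0 unless defined($cost) && $cost =~ /\A\d+\z/
                 && defined($salt) && $salt =~ m{\A[./A-Za-z0-9]+\z}
                 && defined($hash) && length($hash);

    # Re-hash the submitted password with the stored cost and salt.
    my $check_hash = en_base64( bcrypt_hash( { key_nul => 1,
                                               cost    => $cost,
                                               salt    => de_base64($salt),
                                             },
                                             $check_password
                                           )
                              );

    return _secure_eq( $hash, $check_hash );

  }

  # Every encoding other than 'bcrypt' is treated as a plaintext password.
  # NOTE(review): if some other encoding stores a hash in _password, sending
  # that stored value as the password would authenticate -- confirm that the
  # only non-bcrypt encoding in use is plaintext, and migrate those accounts
  # to bcrypt (change_password_fields does so on the next password change).
  return 0 if $stored eq 'notyet'
           || $stored eq '';

  return _secure_eq( $stored, $check_password );

}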
44
# Always returns 0.
# NOTE(review): presumably tells the calling auth framework that internal
# accounts are never created automatically at login -- confirm at the caller.
sub autocreate {
  return 0;
}
46
# Set a new password on an access_user record and save the record.
#
# The hashing is delegated to change_password_fields, which updates the
# record's password fields in memory; replace() is then called on the record.
# Returns whatever $access_user->replace returns.
sub change_password {
  my $self         = shift;
  my $access_user  = shift;
  my $new_password = shift;

  # Fill in the password encoding and hash on the in-memory record first.
  $self->change_password_fields( $access_user, $new_password );

  return $access_user->replace;
}
55
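# Return 16 random octets for use as a bcrypt salt.
#
# The operating system's random source is preferred: Perl's rand() is a
# seeded, predictable generator, and processes forked after seeding can
# produce the same sequence and therefore the same salts.  rand() is kept
# only as a fallback where /dev/urandom cannot be read.
sub _random_salt {
  my $want = 16;

  if ( open( my $fh, '<', '/dev/urandom' ) ) {
    binmode($fh);
    my $salt = '';
    # sysread avoids pulling a whole buffered block out of the device.
    my $got = sysread( $fh, $salt, $want );
    close($fh);
    return $salt if defined($got) && $got == $want;
  }

  return pack( 'C*', map int(rand(256)), 1..$want );
}

# Hash $new_password with bcrypt and store the result on $access_user in
# memory (the record is not saved here).
#
# Sets _password_encoding to 'bcrypt' and _password to
# "cost,base64(salt),base64(hash)", the format authenticate() splits apart.
# Returns the value returned by the _password setter.
sub change_password_fields {
  my($self, $access_user, $new_password) = @_;

  $access_user->_password_encoding('bcrypt');

  # NOTE(review): a bcrypt cost of 8 is low by current guidance.  The cost is
  # stored with each hash and read back by authenticate(), so raising this
  # value would not invalidate existing passwords; it only makes new hashes
  # slower to compute and to brute-force.
  my $cost = 8;

  my $salt = _random_salt();

  my $hash = bcrypt_hash( { key_nul => 1,
                            cost    => $cost,
                            salt    => $salt,
                          },
                          $new_password,
                        );

  $access_user->_password(
    join(',', $cost, en_base64($salt), en_base64($hash) )
  );

}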
77
78 1;