pleroma/lib/pleroma/plugs/authentication_plug.ex

defmodule Pleroma.Plugs.AuthenticationPlug do
  alias Comeonin.Pbkdf2
  import Plug.Conn
  alias Pleroma.User

  def init(options) do
    options
  end

  def call(%{assigns: %{user: %User{}}} = conn, _), do: conn

  def call(conn, opts) do
    with {:ok, username, password} <- decode_header(conn),
         {:ok, user} <- opts[:fetcher].(username),
         false <- !!user.info["deactivated"],
         saved_user_id <- get_session(conn, :user_id),
         legacy_password <- String.starts_with?(user.password_hash, "$6$"),
         update_legacy_password <-
           !(Map.has_key?(opts, :update_legacy_password) && opts[:update_legacy_password] == false),
         {:ok, verified_user} <- verify(user, password, saved_user_id) do
      if legacy_password and update_legacy_password do
        User.reset_password(verified_user, %{
          :password => password,
          :password_confirmation => password
        })
      end

      conn
      |> assign(:user, verified_user)
      |> put_session(:user_id, verified_user.id)
    else
      _ -> conn |> halt_or_continue(opts)
    end
  end

  # Short-circuit if we have a cookie with the id for the given user.
  defp verify(%{id: id} = user, _password, id) do
    {:ok, user}
  end

  defp verify(nil, _password, _user_id) do
    Pbkdf2.dummy_checkpw()
    :error
  end

  defp verify(user, password, _user_id) do
    valid =
      if String.starts_with?(user.password_hash, "$6$") do
        :crypt.crypt(password, user.password_hash) == user.password_hash
      else
        Pbkdf2.checkpw(password, user.password_hash)
      end

    if valid do
      {:ok, user}
    else
      :error
    end
  end

  defp decode_header(conn) do
    with ["Basic " <> header] <- get_req_header(conn, "authorization"),
         {:ok, userinfo} <- Base.decode64(header),
         [username, password] <- String.split(userinfo, ":", parts: 2) do
      {:ok, username, password}
    end
  end

  defp halt_or_continue(conn, %{optional: true}) do
    conn |> assign(:user, nil)
  end

  defp halt_or_continue(conn, _) do
    conn
    |> put_resp_content_type("application/json")
    |> send_resp(403, Jason.encode!(%{error: "Invalid credentials."}))
    |> halt
  end
end
Add basic auth. 2017-03-20 17:45:47 +01:00			`defmodule Pleroma.Plugs.AuthenticationPlug do`
Refactor code to comply with credo suggestions 2017-04-27 15:18:50 +02:00			`alias Comeonin.Pbkdf2`
Add basic auth. 2017-03-20 17:45:47 +01:00			`import Plug.Conn`
AP refactoring. 2017-05-16 15:31:11 +02:00			`alias Pleroma.User`
Add basic auth. 2017-03-20 17:45:47 +01:00
			`def init(options) do`
			`options`
			`end`

AP refactoring. 2017-05-16 15:31:11 +02:00			`def call(%{assigns: %{user: %User{}}} = conn, _), do: conn`

Add basic auth. 2017-03-20 17:45:47 +01:00			`def call(conn, opts) do`
			`with {:ok, username, password} <- decode_header(conn),`
			`{:ok, user} <- opts[:fetcher].(username),`
Don't log in deactivated users. 2017-12-07 17:41:34 +01:00			`false <- !!user.info["deactivated"],`
Short circuit user verification if cookie is present. 2017-03-30 15:29:49 +02:00			`saved_user_id <- get_session(conn, :user_id),`
auth against sha512-crypt password hashes, upgrade to pbkdf2 2018-09-05 06:21:44 +02:00			`legacy_password <- String.starts_with?(user.password_hash, "$6$"),`
			`update_legacy_password <-`
			`!(Map.has_key?(opts, :update_legacy_password) && opts[:update_legacy_password] == false),`
Format the code. 2018-03-30 15:01:53 +02:00			`{:ok, verified_user} <- verify(user, password, saved_user_id) do`
auth against sha512-crypt password hashes, upgrade to pbkdf2 2018-09-05 06:21:44 +02:00			`if legacy_password and update_legacy_password do`
			`User.reset_password(verified_user, %{`
			`:password => password,`
			`:password_confirmation => password`
			`})`
			`end`

Short circuit user verification if cookie is present. 2017-03-30 15:29:49 +02:00			`conn`
			`\|> assign(:user, verified_user)`
			`\|> put_session(:user_id, verified_user.id)`
Add basic auth. 2017-03-20 17:45:47 +01:00			`else`
			`_ -> conn \|> halt_or_continue(opts)`
			`end`
			`end`

Short circuit user verification if cookie is present. 2017-03-30 15:29:49 +02:00			`# Short-circuit if we have a cookie with the id for the given user.`
			`defp verify(%{id: id} = user, _password, id) do`
			`{:ok, user}`
			`end`

			`defp verify(nil, _password, _user_id) do`
Format the code. 2018-03-30 15:01:53 +02:00			`Pbkdf2.dummy_checkpw()`
Add basic auth. 2017-03-20 17:45:47 +01:00			`:error`
			`end`

Short circuit user verification if cookie is present. 2017-03-30 15:29:49 +02:00			`defp verify(user, password, _user_id) do`
auth against sha512-crypt password hashes, upgrade to pbkdf2 2018-09-05 06:21:44 +02:00			`valid =`
change cond to if else 2018-09-05 07:37:48 +02:00			`if String.starts_with?(user.password_hash, "$6$") do`
			`:crypt.crypt(password, user.password_hash) == user.password_hash`
			`else`
			`Pbkdf2.checkpw(password, user.password_hash)`
auth against sha512-crypt password hashes, upgrade to pbkdf2 2018-09-05 06:21:44 +02:00			`end`

			`if valid do`
Add basic auth. 2017-03-20 17:45:47 +01:00			`{:ok, user}`
			`else`
			`:error`
			`end`
			`end`

			`defp decode_header(conn) do`
			`with ["Basic " <> header] <- get_req_header(conn, "authorization"),`
			`{:ok, userinfo} <- Base.decode64(header),`
Format the code. 2018-03-30 15:01:53 +02:00			`[username, password] <- String.split(userinfo, ":", parts: 2) do`
Refactor code to comply with credo suggestions 2017-04-27 15:18:50 +02:00			`{:ok, username, password}`
Add basic auth. 2017-03-20 17:45:47 +01:00			`end`
			`end`

			`defp halt_or_continue(conn, %{optional: true}) do`
			`conn \|> assign(:user, nil)`
			`end`

			`defp halt_or_continue(conn, _) do`
			`conn`
			`\|> put_resp_content_type("application/json")`
More Jason changes. 2018-03-27 16:45:38 +02:00			`\|> send_resp(403, Jason.encode!(%{error: "Invalid credentials."}))`
Add basic auth. 2017-03-20 17:45:47 +01:00			`\|> halt`
			`end`
			`end`