password_hash.rb 1.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748
  1. # Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
  2. module PasswordHash
  3. include ApplicationLib
  4. # rubocop:disable Style/ModuleFunction
  5. extend self
  6. def crypt(password)
  7. argon2.create(password)
  8. end
  9. def verified?(pw_hash, password)
  10. Argon2::Password.verify_password(password, pw_hash, secret)
  11. rescue
  12. false
  13. end
  14. def crypted?(pw_hash)
  15. return if !pw_hash
  16. # taken from: https://github.com/technion/ruby-argon2/blob/7e1f4a2634316e370ab84150e4f5fd91d9263713/lib/argon2.rb#L33
  17. return if pw_hash !~ /^\$argon2i\$.{,112}/
  18. true
  19. end
  20. def legacy?(pw_hash, password)
  21. return if pw_hash.blank?
  22. return if !password
  23. legacy_sha2?(pw_hash, password)
  24. end
  25. private
  26. def legacy_sha2?(pw_hash, password)
  27. return if !pw_hash.start_with?('{sha2}')
  28. crypted = Digest::SHA2.hexdigest(password)
  29. pw_hash == "{sha2}#{crypted}"
  30. end
  31. def argon2
  32. return @argon2 if @argon2
  33. @argon2 = Argon2::Password.new(secret: secret)
  34. end
  35. def secret
  36. Setting.get('application_secret')
  37. end
  38. end