From d66b72d34ef79e663a44ce7ec3bda3dd9c7f87f1 Mon Sep 17 00:00:00 2001 From: Al Beano Date: Mon, 17 Jul 2017 14:25:45 +0100 Subject: [PATCH] Split out password hasing code --- lib/cyberman.pm | 1 + lib/cyberman/API.pm | 2 ++ lib/cyberman/Account.pm | 5 +++++ lib/cyberman/Auth.pm | 21 +++++---------------- lib/cyberman/Helper.pm | 21 ++++++++++++++++++++- 5 files changed, 33 insertions(+), 17 deletions(-) create mode 100644 lib/cyberman/Account.pm diff --git a/lib/cyberman.pm b/lib/cyberman.pm index cfd1158..e9f0a19 100644 --- a/lib/cyberman.pm +++ b/lib/cyberman.pm @@ -5,6 +5,7 @@ use Dancer2::Plugin::Database; use cyberman::Domains; use cyberman::Auth; +use cyberman::Account; use cyberman::Helper; use cyberman::API; diff --git a/lib/cyberman/API.pm b/lib/cyberman/API.pm index 4391b79..be5db81 100644 --- a/lib/cyberman/API.pm +++ b/lib/cyberman/API.pm @@ -5,6 +5,8 @@ use Dancer2::Plugin::Database; get '/api/check_availability' => sub { # No auth req'd # returns 'y' or 'n' + + # TODO: check name validity here if (!param("name")) { return "n"; diff --git a/lib/cyberman/Account.pm b/lib/cyberman/Account.pm new file mode 100644 index 0000000..0e38010 --- /dev/null +++ b/lib/cyberman/Account.pm @@ -0,0 +1,5 @@ +package cyberman::Account; +use Dancer2 appname => "cyberman"; +use Dancer2::Plugin::Database; + +true; diff --git a/lib/cyberman/Auth.pm b/lib/cyberman/Auth.pm index 1f5ad7f..f447858 100644 --- a/lib/cyberman/Auth.pm +++ b/lib/cyberman/Auth.pm @@ -2,8 +2,6 @@ package cyberman::Auth; use Dancer2 appname => "cyberman"; use Dancer2::Plugin::Database; -use Digest::Bcrypt; -use Math::Random::Secure qw(irand); use cyberman::Helper; 
@@ -36,20 +34,14 @@ post '/register' => sub { }; } - # Hash password - my $salt = randstring(16); - - my $b = new Digest::Bcrypt; - $b->cost(8); - $b->salt($salt); - $b->add(param "password"); + my ($hash, $salt) = hash_password(param("password")); # Create the account in the database database->quick_insert( "user", { "email" => param("email"), - "password" => $b->bcrypt_b64digest, + "password" => $hash, "salt" => $salt, }, ); @@ -76,12 +68,9 @@ post '/login' => sub { } if (scalar(keys(%errs)) == 0) { - my $b = new Digest::Bcrypt; - $b->cost(8); - $b->salt($user->{"salt"}); - $b->add(param "password"); - - $errs{"e_pass"} = 1 unless $b->bcrypt_b64digest eq $user->{"password"}; + my ($hash, $salt) = hash_password(param("password"), $user->{"salt"}); + warn $hash; + $errs{"e_pass"} = 1 unless $hash eq $user->{"password"}; } if (scalar(keys(%errs)) == 0) { diff --git a/lib/cyberman/Helper.pm b/lib/cyberman/Helper.pm index 77c17a0..8cfe1b6 100644 --- a/lib/cyberman/Helper.pm +++ b/lib/cyberman/Helper.pm @@ -3,10 +3,11 @@ use base qw(Exporter); use Dancer2 appname => "cyberman"; use Math::Random::Secure qw(irand); +use Digest::Bcrypt; use Exporter qw(import); -our @EXPORT = qw(auth_test randstring); +our @EXPORT = qw(auth_test randstring hash_password); # Helper functions @@ -41,4 +42,22 @@ sub randstring { return $ret; } +sub hash_password { + my $plaintext = shift; + + my $salt; + if (scalar(@_) > 0) { + $salt = shift; + } else { + $salt = randstring(16); + } + + my $b = new Digest::Bcrypt; + $b->cost(8); + $b->salt($salt); + $b->add($plaintext); + + return ($b->bcrypt_b64digest, $salt); +} + 1;
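Review bot: `warn $hash;` in the /login hunk writes the bcrypt digest of every submitted password to the application log; that digest is exactly what the `user` table stores for the account, so a readable log now exposes credential-verification material and fills up on each login attempt. It reads as a debugging leftover and should be dropped, and since `$salt` is never read in this branch, bind only the digest: `my ($hash) = hash_password(param("password"), $user->{"salt"});`. The `eq` compare against `$user->{"password"}` is acceptable for a bcrypt output, though a constant-time compare would be the conventional choice if one is added later. The `post '/login'` handler begins and ends outside the hunk, so where `$user` is guaranteed defined here is not visible.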
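Review bot: `hash_password` hard-codes the bcrypt work factor as `$b->cost(8)` with no comment; 8 is on the low end for a login service and, because the cost is not stored next to the digest, raising it later needs a migration path, so at least name and document it: `use constant BCRYPT_COST => 8;   # bcrypt work factor; raising it affects new hashes only` and `$b->cost(BCRYPT_COST);`. `my $b = new Digest::Bcrypt;` is indirect-object syntax; write `my $b = Digest::Bcrypt->new;`. The optional-salt unpacking reads better as `my ($plaintext, $salt) = @_; $salt = randstring(16) unless defined $salt;`, and the sub deserves a header comment stating its contract, e.g. `# Returns (bcrypt_b64digest, salt); pass the stored salt back in to verify a login.`. Two things the hunk does not show and that should be confirmed: `randstring(16)` must yield the 16 octets Digest::Bcrypt expects as a salt (its body is above this hunk), and `$plaintext` is the raw request parameter, so a non-ASCII password may need UTF-8 encoding before `$b->add`.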