File Coverage

blib/lib/Password/OWASP/AbstractBase.pm

Criterion	Covered	Total	%
statement	25	25	100.0
branch	4	4	100.0
condition	3	3	100.0
subroutine	8	8	100.0
pod	1	1	100.0
total	41	41	100.0

line	stmt	bran	cond	sub	pod	time	code
1							our $VERSION = '0.003';
2							use Moose::Role;
3	1			1		848	use namespace::autoclean;
	1					4114
	1					4
4	1			1		4868
	1					6630
	1					4
5							# ABSTRACT: Abstract base class to implement OWASP password recommendations
6
7							use Authen::Passphrase;
8	1			1		52	use Digest::SHA;
	1					2
	1					16
9	1			1		437	use Moose::Util::TypeConstraints qw(enum);
	1					2116
	1					42
10	1			1		6	use Try::Tiny;
	1					3
	1					7
11	1			1		370
	1					1
	1					150
12							with 'Password::OWASP::AbstractBaseX';
13
14							my ($self, $given, $want) = @_;
15							my $ok = try {
16	7			7	1	1334	my $ppr = Authen::Passphrase->from_rfc2307($want);
17							return 1 if $ppr->match($self->hash_password($given));
18	7			7		217	return 0;
19	6	100				2409	};
20	5					361379	return 1 if $ok \|\| $self->check_legacy_password($given, $want);
21	7					50	return 0;
22	7	100	100			363302	}
23	3					22
24							1;
25
26
27							=pod
28
29							=encoding UTF-8
30
31							=head1 NAME
32
33							Password::OWASP::AbstractBase - Abstract base class to implement OWASP password recommendations
34
35							=head1 VERSION
36
37							version 0.003
38
39							=head1 SYNOPSIS
40
41							package Password::OWASP::MyThing;
42							use Moose;
43
44							with 'Password::OWASP::AbstractBase';
45
46							# You need to implement this method
47							sub crypt_password {
48							...;
49							}
50
51							=head1 DESCRIPTION
52
53							An abstract base class for modules that want to implement OWASP recommendations
54							for password storage.
55
56							This class implements the following methods and attributes.
57
58							=head2 ATTRIBUTES
59
60							=over
61
62							=item hashing
63
64							An enumeration of C<sha1>, C<sha256>, C<sha512>. The latter is the default.
65							This is used for the L<Password::OWASP::AbstractBase/hash_password> function.
66
67							=item update_method
68
69							A code ref to update the password in your given store. The first argument is
70							the password that needs to be stored. Setting this value will also enable you
71							to update the password via L<Password::OWASP::AbstractBase/update_password>.
72
73							=back
74
75							=head1 METHODS
76
77							=head2 check_password
78
79							Check the user password, returns true or false depending on the correctness of
80							the password. The password needs to be in a RFC2307 format.
81
82							=head2 check_legacy_password
83
84							Check the password against the former password scheme, assuming it isn't a
85							password scheme that is understood by L<Authen::Passphrase> and the password
86							isn't hashed before it was stored.
87
88							In case the L<Password::OWASP::AbstractBase/update_method> was provided, the
89							password is updated in place.
90
91							=head2 update_password
92
93							Update the password if L<Password::OWASP::AbstractBase/update_method> was
94							provided.
95
96							=head2 hash_password
97
98							Hash the password with the given sha.
99
100							=head1 SEE ALSO
101
102							=over
103
104							=item * L<Password::OWASP::AbstractBaseX>
105
106							=item * L<OWASP cheatsheet for password storage\|https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Password_Storage_Cheat_Sheet.md>
107
108							=item * L<OWASP cheatsheet for authentication storage\|https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Authentication_Cheat_Sheet.md>
109
110							=item * L<Authen::Passphrase>
111
112							=back
113
114							=head1 AUTHOR
115
116							Wesley Schwengle <waterkip@cpan.org>
117
118							=head1 COPYRIGHT AND LICENSE
119
120							This software is Copyright (c) 2019 by Wesley Schwengle.
121
122							This is free software, licensed under:
123
124							The (three-clause) BSD License
125
126							=cut