File Coverage

blib/lib/Password/OWASP/AbstractBaseX.pm
Criterion Covered Total %
statement 33 33 100.0
branch 5 6 83.3
condition n/a
subroutine 10 10 100.0
pod 3 3 100.0
total 51 52 98.0


line stmt bran cond sub pod time code
1             our $VERSION = '0.004';
2             use Moose::Role;
3 3     3   2339 use namespace::autoclean;
  3         9213  
  3         14  
4 3     3   15272  
  3         14149  
  3         27  
5             # ABSTRACT: Abstract base class to implement OWASP password recommendations
6              
7             use Authen::Passphrase;
8 3     3   179 use Digest::SHA;
  3         6  
  3         61  
9 3     3   521 use Moose::Util::TypeConstraints qw(enum);
  3         2802  
  3         134  
10 3     3   20 use Try::Tiny;
  3         5  
  3         31  
11 3     3   1455  
  3         6  
  3         959  
12             requires qw(
13             crypt_password
14             check_password
15             );  # Consuming classes must supply both methods; the only call visible in this listing is crypt_password, used when a password is re-stored.
16              
17             has cost => (  # Read-only integer setting; no code visible in this listing reads it.
18             is => 'ro',
19             isa => 'Int',
20             default => 12,  # NOTE(review): presumably the work factor used by the consuming class's crypt_password; confirm there.
21             );
22              
23             has hashing => (  # Algorithm name handed to Digest::SHA->new when a password is digested.
24             is => 'ro',
25             isa => enum([qw(sha1 sha256 sha512)]),  # sha1 is still an accepted value; anything outside this list fails the type constraint.
26             default => 'sha512',
27             );
28              
29             has update_method => (  # Optional storage callback; it is invoked with the return value of crypt_password, not with the plaintext.
30             is => 'ro',
31             isa => 'CodeRef',
32             predicate => 'has_update_method',  # Lets the role test whether a callback was supplied before calling it.
33             );
34              
35             my ($self, $given, $want) = @_;  # NOTE(review): the "sub ... {" line is missing from this listing; going by the POD this body appears to be check_legacy_password. $given is the candidate password, $want the stored value parsed as RFC 2307.
36             my $ok = try {  # No catch block: if from_rfc2307 or match dies, $ok stays false and the check fails closed, but the error itself is discarded.
37 14     14 1 48 my $ppr = Authen::Passphrase->from_rfc2307($want);
38             return $ppr->match($given);  # Under Try::Tiny this return leaves only the try block; its value becomes $ok.
39 14     14   456 };
40 9         3724 return 0 unless $ok;  # A malformed stored value and a wrong password are indistinguishable to the caller.
41 14         101 $self->update_password($given) if $self->has_update_method;  # Runs outside the try, so an exception from the storage callback propagates out of an otherwise successful check.
42 14 100       363447 return 1;
43 7 100       256 }
44 7         62  
45             my ($self, $pass) = @_;  # NOTE(review): the "sub ... {" line is missing from this listing; going by the POD this body appears to be hash_password.
46             my $sha = Digest::SHA->new($self->hashing);  # Algorithm comes from the hashing attribute (sha1, sha256 or sha512).
47             $sha->add($pass);  # One unsalted pass over the input. NOTE(review): Digest::SHA rejects wide characters, so $pass is presumably expected to be bytes; confirm callers encode it.
48 20     20 1 60 return $sha->b64digest;  # Base64 digest; Digest::SHA does not pad it with "=". NOTE(review): presumably a pre-hash for the consumer's crypt_password rather than a stored value; confirm.
49 20         713 }
50 20         469  
51 20         279 my ($self, $given) = @_;  # NOTE(review): the "sub ... {" line is missing from this listing; going by the POD this body appears to be update_password.
52             return 0 unless $self->has_update_method;  # Nothing to do when no storage callback was supplied.
53             $self->update_method->($self->crypt_password($given));  # The callback receives the output of crypt_password; its own return value is ignored and there is no error handling here.
54             return 1;  # Reports only that the callback was called, not that the store succeeded.
55 3     3 1 11 }
56 3 50       86  
57 3         24 1;
58 3         24  
59              
60             =pod
61              
62             =encoding UTF-8
63              
64             =head1 NAME
65              
66             Password::OWASP::AbstractBaseX - Abstract base class to implement OWASP password recommendations
67              
68             =head1 VERSION
69              
70             version 0.004
71              
72             =head1 SYNOPSIS
73              
74             package Password::OWASP::MyThing;
75             use Moose;
76              
77             with 'Password::OWASP::AbstractBaseX';
78              
79             # You need to implement this method
80             sub crypt_password {
81             ...;
82             }
83              
84             sub check_password {
85             ...;
86             }
87              
88             =head1 DESCRIPTION
89              
90             An abstract base class for modules that want to implement OWASP recommendations
91             for password storage.
92              
93             This class implements the following methods and attributes.
94              
95             =head2 ATTRIBUTES
96              
97             =over
98              
99             =item hashing
100              
101             One of C<sha1>, C<sha256> or C<sha512>; C<sha512> is the default.
102             It selects the digest used by the L<Password::OWASP::AbstractBaseX/hash_password> method.
103              
104             =item update_method
105              
106             A code ref that stores the password in your password store. Its first argument is
107             the value to store, which is the output of C<crypt_password>. Setting this value also
108             enables updating the password via L<Password::OWASP::AbstractBaseX/update_password>.
109              
110             =back
111              
112             =head1 METHODS
113              
114             =head2 check_legacy_password
115              
116             Check the password against the former password scheme, assuming it isn't a
117             password scheme that is understood by L<Authen::Passphrase> and the password
118             isn't hashed before it was stored.
119              
120             If L<Password::OWASP::AbstractBaseX/update_method> was provided, the password is
121             stored again through L<Password::OWASP::AbstractBaseX/update_password> after a successful check.
122              
123             =head2 update_password
124              
125             Update the password if L<Password::OWASP::AbstractBaseX/update_method> was
126             provided. Returns 1 when the callback was called and 0 when none is set.
127              
128             =head2 hash_password
129              
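130             Hash the password with the SHA variant selected by L<Password::OWASP::AbstractBaseX/hashing> and return the Base64-encoded digest. The digest is unsalted and computed in a single pass.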
131              
132             =head1 SEE ALSO
133              
134             =head2 OWASP
135              
136             =over
137              
138             =item * L<OWASP cheatsheet for password storage|https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Password_Storage_Cheat_Sheet.md>
139              
140             =item * L<OWASP cheatsheet for authentication storage|https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Authentication_Cheat_Sheet.md>
141              
142             =item * L<Authen::Passphrase>
143              
144             =back
145              
146             =head1 AUTHOR
147              
148             Wesley Schwengle <waterkip@cpan.org>
149              
150             =head1 COPYRIGHT AND LICENSE
151              
152             This software is Copyright (c) 2019 by Wesley Schwengle.
153              
154             This is free software, licensed under:
155              
156             The (three-clause) BSD License
157              
158             =cut