File Coverage

blib/lib/Password/OWASP/Argon2.pm

Criterion	Covered	Total	%
statement	20	20	100.0
branch	6	6	100.0
condition			n/a
subroutine	6	6	100.0
pod	2	2	100.0
total	34	34	100.0

line	stmt	bran	sub	pod	time	code
1						our $VERSION = '0.004';
2						use Moose;
3	1		1		59203
	1				412788
	1				8
4						# ABSTRACT: An Argon2 implemenation of Password::OWASP
5
6						with 'Password::OWASP::AbstractBaseX';
7
8						use Try::Tiny;
9	1		1		6315
	1				2
	1				67
10						use Authen::Passphrase::Argon2;
11	1		1		583
	1				14757
	1				238
12						my ($self, $pass) = @_;
13
14	2		2	1	324	my $ppr = Authen::Passphrase::Argon2->new(
15						cost => $self->cost,
16	2				57	salt_random => 1,
17						passphrase => $self->hash_password($pass),
18						);
19						return $ppr->as_rfc2307;
20						}
21	2				920999
22						my ($self, $given, $want) = @_;
23
24						my $ok = try {
25	6		6	1	140767	my $ppr = Authen::Passphrase::Argon2->from_rfc2307($want);
26						return 1 if $ppr->match($self->hash_password($given));
27						return 0;
28	6		6		208	};
29	4	100			521	return 1 if $ok;
30	3				971871	return 1 if $self->check_legacy_password($given, $want);
31	6				63	return 0;
32	6	100			665477	};
33	5	100			36
34	2				18	around check_legacy_password => sub {
35						my ($orig, $self, $given, $want) = @_;
36
37						my $ok = try {
38						my $ppr = Authen::Passphrase::Argon2->from_rfc2307($want);
39						return $ppr->match($given);
40						};
41						if ($ok) {
42						$self->update_password($given) if $self->has_update_method;
43						return 1;
44						}
45
46						return $orig->($self, $given, $want);
47
48						};
49
50						__PACKAGE__->meta->make_immutable;
51
52
53						=pod
54
55						=encoding UTF-8
56
57						=head1 NAME
58
59						Password::OWASP::Argon2 - An Argon2 implemenation of Password::OWASP
60
61						=head1 VERSION
62
63						version 0.004
64
65						=head1 SYNOPSIS
66
67						package MyApp::Authentication;
68
69						use Password::OWASP::Argon2;
70
71						my $user = get_from_db();
72						my $from_web = "Super secret password";
73
74						my $owasp = Password::OWASP::Argon2->new(
75						# optional
76						hashing => 'sha512',
77						update_method => sub {
78						my $password = shift;
79						$user->update_password($password);
80						return;
81						},
82						);
83
84						if (!$owasp->check_password($from_web)) {
85						die "You cannot login";
86						}
87
88						=head1 DESCRIPTION
89
90						Implements Argon2 password checking.
91
92						=head1 METHODS
93
94						=head2 crypt_password
95
96						Encrypt the password and return it as an RFC2307 formatted string.
97
98						=head2 check_password
99
100						Check if the password is the same as what was stored.
101
102						=head1 SEE ALSO
103
104						=over
105
106						=item * L<Password::OWASP::AbstractBase>
107
108						=item * L<Authen::Passphrase::BlowfishCrypt>
109
110						=back
111
112						=head1 AUTHOR
113
114						Wesley Schwengle <waterkip@cpan.org>
115
116						=head1 COPYRIGHT AND LICENSE
117
118						This software is Copyright (c) 2019 by Wesley Schwengle.
119
120						This is free software, licensed under:
121
122						The (three-clause) BSD License
123
124						=cut