Clean up injection

2017-09-24 17:45:35 -04:00 · 2017-09-24 17:45:35 -04:00 · adc50cc7a6
parent 8fc025140b
commit adc50cc7a6
5 changed files with 14 additions and 18 deletions
--- a/modules/user/src/main/Env.scala
+++ b/modules/user/src/main/Env.scala
@ -89,9 +89,10 @@ final class Env(
    rankingApi = rankingApi
  )

-  lazy val passwordHasher = new TimedPasswordHasher(
+  lazy val passwordHasher = new PasswordHasher(
    secret = PasswordBPassSecret,
-    logRounds = 10
+    logRounds = 10,
+    lila.mon.measure(_.user.auth.hashTime)
  )

  lazy val upgradeShaPasswords = PasswordUpgradeSha
--- a/modules/user/src/main/PasswordHasher.scala
+++ b/modules/user/src/main/PasswordHasher.scala
@ -30,12 +30,13 @@ private[user] class DumbAes(secret: String) {
  def decrypt(data: Array[Byte]) = process(DECRYPT_MODE, data)
 }

-sealed class PasswordHasher(secret: String, logRounds: Int) {
+sealed class PasswordHasher(secret: String, logRounds: Int,
+  hashTimer: (=> Array[Byte]) => Array[Byte] = x => x) {
  import org.mindrot.BCrypt

  private val aes = new DumbAes(secret)
  protected def bHash(pass: String, salt: Array[Byte]) =
-    BCrypt.hashpwRaw(pass, 'a', logRounds, salt)
+    hashTimer(BCrypt.hashpwRaw(pass, 'a', logRounds, salt))

  def hash(pass: String) = {
    val salt = BCrypt.gensaltRaw
@ -46,12 +47,4 @@ sealed class PasswordHasher(secret: String, logRounds: Int) {
    val (salt, hash) = aes.decrypt(encHash).splitAt(16)
    BCrypt.bytesEqualSecure(hash, bHash(pass, salt))
  }
-}
-
-class TimedPasswordHasher(secret: String, logRounds: Int)
-  extends PasswordHasher(secret, logRounds) {
-  protected override def bHash(pass: String, salt: Array[Byte]) =
-    lila.mon.measure(_.user.auth.hashTime) {
-      super.bHash(pass, salt)
-    }
 }
--- a/modules/user/src/main/User.scala
+++ b/modules/user/src/main/User.scala
@ -258,8 +258,7 @@ object User {
  }
 }

-class Authenticator(passHasher: PasswordHasher,
-    authMon: Option[lila.mon.user.auth.type] = Some(lila.mon.user.auth)) {
+class Authenticator(passHasher: PasswordHasher, onShaLogin: => Unit) {
  import com.roundeights.hasher.Implicits._

  private def salted(p: String, salt: String) = s"$p{$salt}"
@ -283,7 +282,7 @@ class Authenticator(passHasher: PasswordHasher,

      bpass match {
        // Deprecated fallback. Log & fail after DB migration.
-        case None => password ?? { authMon.foreach { _.shaLogin() }; _ == newP }
+        case None => password ?? { onShaLogin; _ == newP }
        case Some(bHash) => passHasher.check(bHash, salted(newP, _id))
      }
    }
--- a/modules/user/src/main/UserRepo.scala
+++ b/modules/user/src/main/UserRepo.scala
@ -230,7 +230,10 @@ object UserRepo {
  def authenticateByEmail(email: EmailAddress, password: String): Fu[Option[User]] =
    loginCandidateByEmail(email) map { _ flatMap { _(password) } }

-  private val authWrapper = new Authenticator(Env.current.passwordHasher)
+  private val authWrapper = new Authenticator(
+    Env.current.passwordHasher, lila.mon.user.auth.shaLogin()
+  )
+
  import authWrapper.{ passEnc, AuthData }

  // This creates a bcrypt hash using the existing sha as input,
--- a/modules/user/src/test/AuthTest.scala
+++ b/modules/user/src/test/AuthTest.scala
@ -6,7 +6,7 @@ import java.util.Base64
 class AuthTest extends Specification {

  val secret = Array.fill(32)(1.toByte).toBase64
-  val authWrapper = new Authenticator(new PasswordHasher(secret, 2), None)
+  val authWrapper = new Authenticator(new PasswordHasher(secret, 2), ())
  import authWrapper.{ passEnc, AuthData }

  // Extracted from mongo
@ -43,7 +43,7 @@ class AuthTest extends Specification {
    // sanity check of aes encryption
    "wrong secret" >> !{
      val badHasher = new PasswordHasher((new Array[Byte](32)).toBase64, 2)
-      new Authenticator(badHasher, None).AuthData(
+      new Authenticator(badHasher, ()).AuthData(
        _id = "foo",
        bpass = bCryptUser.bpass
      ).compare("password")