X-Git-Url: https://git.sesse.net/?p=pr0n;a=blobdiff_plain;f=perl%2FSesse%2Fpr0n%2FCommon.pm;fp=perl%2FSesse%2Fpr0n%2FCommon.pm;h=a6a8de4b52f82cd9db3138a8dc1fadea065d05e1;hp=f98d16fe28dbba3e77719e61c7d94a520574e83e;hb=9b0484cc963ef4d7056d644b418ba03cce579bca;hpb=e822bc6525c0cf7bed96b4023a4f1f98cd4b0717

diff --git a/perl/Sesse/pr0n/Common.pm b/perl/Sesse/pr0n/Common.pm
index f98d16f..a6a8de4 100644
--- a/perl/Sesse/pr0n/Common.pm
+++ b/perl/Sesse/pr0n/Common.pm
@@ -13,8 +13,6 @@ use DBD::Pg;
 use Image::Magick;
 use IO::String;
 use POSIX;
-use Digest::SHA;
-use Digest::HMAC_SHA1;
 use MIME::Base64;
 use MIME::Types;
 use LWP::Simple;
@@ -342,35 +340,16 @@ sub check_basic_auth {
 	my ($raw_user, $pass) = split /:/, MIME::Base64::decode_base64($auth);
 	my ($user, $takenby) = extract_takenby($raw_user);
 
-	my $ref = $dbh->selectrow_hashref('SELECT sha1password,cryptpassword FROM users WHERE username=? AND vhost=?',
+	my $ref = $dbh->selectrow_hashref('SELECT cryptpassword FROM users WHERE username=? AND vhost=?',
 		undef, $user, Sesse::pr0n::Common::get_server_name($r));
-	my ($sha1_matches, $bcrypt_matches) = (0, 0);
-	if (defined($ref) && defined($ref->{'sha1password'})) {
-		$sha1_matches = (Digest::SHA::sha1_base64($pass) eq $ref->{'sha1password'});
-	}
-	if (defined($ref) && defined($ref->{'cryptpassword'})) {
-		$bcrypt_matches = (Crypt::Eksblowfish::Bcrypt::bcrypt($pass, $ref->{'cryptpassword'}) eq $ref->{'cryptpassword'});
-	}
-
-	if (!defined($ref) || (!$sha1_matches && !$bcrypt_matches)) {
+	my $bcrypt_matches = 0;
+	if (!defined($ref) || Crypt::Eksblowfish::Bcrypt::bcrypt($pass, $ref->{'cryptpassword'}) ne $ref->{'cryptpassword'}) {
 		$r->content_type('text/plain; charset=utf-8');
 		log_warn($r, "Authentication failed for $user/$takenby");
 		return undef;
 	}
 	log_info($r, "Authentication succeeded for $user/$takenby");
 
-	# Make sure we can use bcrypt authentication in the future with this password.
-	# Also remove old-style SHA1 password when we migrate.
-	if (!$bcrypt_matches) {
-		my $salt = get_pseudorandom_bytes(16);  # Doesn't need to be cryptographically secur.
-		my $hash = "\$2a\$07\$" . Crypt::Eksblowfish::Bcrypt::en_base64($salt);
-		my $cryptpassword = Crypt::Eksblowfish::Bcrypt::bcrypt($pass, $hash);
-		$dbh->do('UPDATE users SET sha1password=NULL,cryptpassword=? WHERE username=? AND vhost=?',
-			undef, $cryptpassword, $user, Sesse::pr0n::Common::get_server_name($r))
-			or die "Couldn't update: " . $dbh->errstr;
-		log_info($r, "Updated bcrypt hash for $user");
-	}
-
 	return ($user, $takenby);
 }