From 4ad2c0028f6b5a56d3a455cd7e3f04d9bd0ea722 Mon Sep 17 00:00:00 2001
From: Matthew Somerville
Date: Tue, 30 Jan 2018 14:18:11 +0000
Subject: Increase bcrypt cost. Though when running tests, decrease it for speed.
---
 perllib/FixMyStreet/App/Controller/Auth.pm | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'perllib/FixMyStreet/App/Controller/Auth.pm')
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index 455022e03..fe980af0d 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
@@ -84,6 +84,12 @@ sub sign_in : Private {
 my $parsed = FixMyStreet::SMS->parse_username($username);
 if ($parsed->{username} && $password && $c->forward('authenticate', [ $parsed->{type}, $parsed->{username}, $password ])) {
+ # Upgrade hash count if necessary
+ my $cost = sprintf("%02d", FixMyStreet::DB::Result::User->cost);
+ if ($c->user->password !~ /^\$2a\$$cost\$/) {
+ $c->user->update({ password => $password });
+ }
+ # unless user asked to be remembered limit the session to browser
 $c->set_session_cookie_expire(0) unless $remember_me;
-- cgit v1.2.3
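Review bot: The cost check in the added block uses `!~` against the exact configured cost, so a stored hash whose cost is higher than the current setting is rewritten too; if the configured cost is ever lowered, or differs between deployments, sign-in would quietly replace stronger hashes with weaker ones. Comparing numerically avoids that: `my $cost = FixMyStreet::DB::Result::User->cost;`, `my ($stored) = $c->user->password =~ /^\$2a\$(\d\d)\$/;`, `if (!defined $stored || $stored < $cost) {`. The `update({ password => $password })` call passes the plaintext and presumably relies on the User result class to hash it on write; that is not visible in this hunk, so a one-line comment stating that dependency would help the next reader. `sign_in` starts and ends outside the hunk.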