feat: replaced flaky argon2 with better argon2 crate (#37)

* feat: replaced flaky argon2 with better argon2 crate * fix: applied cargo fmt nightly * docs: added comment specifying what the settings for Argon2 mean * fix: made hashing error a bit more descriptive * fix: fixed incorrect value for Kib
2023-12-25 16:28:56 +01:00 · 2023-12-25 16:28:56 +01:00 · fdc3e07be6
commit fdc3e07be6
parent 6a9f8dfa6f
9 changed files with 84 additions and 62 deletions
--- a/src/api/client_server/session.rs
+++ b/src/api/client_server/session.rs
@ -1,5 +1,6 @@
 use super::{DEVICE_ID_LENGTH, TOKEN_LENGTH};
 use crate::{services, utils, Error, Result, Ruma};
+use argon2::{PasswordHash, PasswordVerifier};
 use ruma::{
    api::client::{
        error::ErrorKind,
@ -9,7 +10,7 @@ use ruma::{
    UserId,
 };
 use serde::Deserialize;
-use tracing::{info, warn};
+use tracing::{error, info, warn};

 #[derive(Debug, Deserialize)]
 struct Claims {
@ -74,9 +75,15 @@ pub async fn login_route(body: Ruma<login::v3::Request>) -> Result<login::v3::Re
                    "The user has been deactivated",
                ));
            }
-
-            let hash_matches = argon2::verify_encoded(&hash, password.as_bytes()).unwrap_or(false);
-
+            let Ok(parsed_hash) = PasswordHash::new(&hash) else {
+                error!("error while hashing user {}", user_id);
+                return Err(Error::BadServerResponse("could not hash"));
+            };
+            let hash_matches = services()
+                .globals
+                .argon
+                .verify_password(password.as_bytes(), &parsed_hash)
+                .is_ok();
            if !hash_matches {
                return Err(Error::BadRequest(
                    ErrorKind::Forbidden,