Add multiple hashing algorithms

AjaiKN · AjaiKN · commit 452a2ac649fa · 2021-04-28T17:54:24.000-04:00
diff --git a/lib/password_example/hash.ex b/lib/password_example/hash.ex
@@ -0,0 +1,47 @@
+defmodule PasswordExample.Hash do
+  def partial_changeset password do
+    algorithm = PasswordExample.HashingAlgorithmChoice.get()
+    # todo: time
+    {usecs_hashing_took, ret} = :timer.tc(&hash/2, [algorithm, password])
+    Map.merge(
+      %{password: nil, hashed_password: nil, salt: nil, hash_type: algorithm, useconds_hashing_took: usecs_hashing_took},
+      ret
+    )
+  end
+  defp hash :plaintext, password do
+    %{password: password}
+  end
+  defp hash :sha1, password do
+    %{hashed_password: get_sha1_hash(password)}
+  end
+  defp hash :sha1_with_salt, password do
+    salt = make_salt()
+    %{salt: salt, hashed_password: get_sha1_hash(password <> salt)}
+  end
+  defp hash :argon2id, password do
+    %{hashed_password: Argon2.hash_pwd_salt(password)}
+  end
+
+  def verify attempted_password, %{hash_type: :plaintext, password: password} do
+    attempted_password == password
+  end
+  def verify attempted_password, %{hash_type: :sha1, hashed_password: hashed_password} do
+    get_sha1_hash(attempted_password) == hashed_password
+  end
+  def verify attempted_password, %{hash_type: :sha1_with_salt, salt: salt, hashed_password: hashed_password} do
+    get_sha1_hash(attempted_password <> salt) == hashed_password
+  end
+  def verify attempted_password, %{hash_type: :argon2id, hashed_password: hashed_password} do
+    Argon2.verify_pass(attempted_password, hashed_password)
+  end
+  def verify _, %{hash_type: :argon2id} do
+    Argon2.no_user_verify()
+  end
+
+  defp get_sha1_hash password do
+    :crypto.hash(:sha, password) |> Base.encode16()
+  end
+  defp make_salt(length \\ 12) do
+    :crypto.strong_rand_bytes(length) |> Base.url_encode64 |> binary_part(0, length)
+  end
+end
diff --git a/lib/password_example/hashing_algorithm_choice.ex b/lib/password_example/hashing_algorithm_choice.ex
@@ -0,0 +1,36 @@
+defmodule PasswordExample.HashingAlgorithmChoice do
+  use Ecto.Schema
+  # import Ecto.Changeset
+  alias PasswordExample.{Repo, HashingAlgorithmChoice}
+
+  @choices [:plaintext, :sha1, :sha1_with_salt, :argon2id]
+  def choices, do: @choices
+
+  schema "hashing_algorithm_choice" do
+    field :choice, Ecto.Enum, values: @choices
+
+    timestamps()
+  end
+
+  # @doc false
+  # def changeset(hashing_algorithm_choice, attrs) do
+  #   hashing_algorithm_choice
+  #   |> cast(attrs, [:choice])
+  #   |> validate_required([:choice])
+  # end
+
+  def get() do
+    if existing = Repo.one(HashingAlgorithmChoice) do
+      existing.choice
+    else
+      :plaintext
+    end
+  end
+  def set(new_val) do
+    if existing = Repo.one(HashingAlgorithmChoice) do
+      Repo.update(Ecto.Changeset.change(existing, %{choice: new_val}))
+    else
+      Repo.insert(%HashingAlgorithmChoice{choice: new_val})
+    end
+  end
+end
diff --git a/lib/password_example/user.ex b/lib/password_example/user.ex
@@ -4,9 +4,11 @@ defmodule PasswordExample.User do
 
   schema "users" do
     field :name, :string
-    field :password, :string, virtual: true
+    field :password, :string
     field :hashed_password, :string
-    field :seconds_hashing_took, :float
+    field :salt, :string
+    field :useconds_hashing_took, :integer
+    field :hash_type, Ecto.Enum, values: PasswordExample.HashingAlgorithmChoice.choices
 
     timestamps()
   end
@@ -25,7 +27,7 @@ defmodule PasswordExample.User do
 
   def get_by_name_and_password(name, password) do
     user = Repo.get_by(User, name: name)
-    if valid_password?(user, password), do: user
+    if PasswordExample.Hash.verify(password, user), do: user
   end
 
   @doc false
@@ -56,30 +58,18 @@ defmodule PasswordExample.User do
 
     # We only need to hash the password if the password is being changed
     if password && changeset.valid? do
-      {usecs_hashing_took, hashed_password} = :timer.tc(Argon2, :hash_pwd_salt, [password])
-
-      seconds_hashing_took = usecs_hashing_took / 1_000_000
-
-      IO.puts(seconds_hashing_took)
-
+      %{password: password, hashed_password: hashed_password, salt: salt, hash_type: hash_type, useconds_hashing_took: useconds_hashing_took} = PasswordExample.Hash.partial_changeset(password)
       changeset
+      |> put_change(:password, password)
       |> put_change(:hashed_password, hashed_password)
-      |> put_change(:seconds_hashing_took, seconds_hashing_took)
-      |> delete_change(:password)
+      |> put_change(:salt, salt)
+      |> put_change(:hash_type, hash_type)
+      |> put_change(:useconds_hashing_took, useconds_hashing_took)
     else
       changeset
     end
   end
 
-  def valid_password?(%User{hashed_password: hashed_password}, password) do
-    Argon2.verify_pass(password, hashed_password)
-  end
-
-  def valid_password?(_, _) do
-    Argon2.no_user_verify()
-    false
-  end
-
   ## users PubSub
   @topic "users"
 
diff --git a/lib/password_example_web/live/users_table_component.html.leex b/lib/password_example_web/live/users_table_component.html.leex
@@ -3,13 +3,15 @@
 		<thead>
 			<th>Name</th>
 			<th>Password</th>
+			<th>Salt</th>
 			<th>Hashed Password</th>
 		</thead>
 		<tbody>
 			<%= Enum.map @users, fn user -> %>
 				<tr>
 					<td><%= user.name %></td>
 					<td><%= user.password %></td>
+					<td><%= user.salt %></td>
 					<td><%= user.hashed_password %></td>
 				</tr>
 			<% end %>
diff --git a/lib/password_example_web/templates/login/show.html.eex b/lib/password_example_web/templates/login/show.html.eex
@@ -5,12 +5,16 @@
 	<p>Your hashed password is "<b><%= @user.hashed_password %></b>"</p>
 <% end %>
 
+<%= if @user.salt != nil do %>
+	<p>Your salt is "<b><%= @user.salt %></b>"</p>
+<% end %>
+
 <%= if @user.password == nil do %>
 	<p>I don't know your password.</p>
 <% else %>
 	<p>Your password is "<b><%= @user.password %></b>"</p>
 <% end %>
 
-<%= if @user.seconds_hashing_took != nil do %>
-	<p>Time to calculate password hash: <b><%= @user.seconds_hashing_took %> seconds.</b></p>
+<%= if @user.useconds_hashing_took != nil do %>
+	<p>Time to hash password: <b><%= @user.useconds_hashing_took %> microseconds.</b></p>
 <% end %>
diff --git a/priv/repo/migrations/20210428013831_create_users.exs b/priv/repo/migrations/20210428013831_create_users.exs
@@ -4,8 +4,11 @@ defmodule PasswordExample.Repo.Migrations.CreateUsers do
   def change do
     create table(:users) do
       add :name, :string
+      add :password, :string
       add :hashed_password, :string
-      add :seconds_hashing_took, :float
+      add :salt, :string
+      add :useconds_hashing_took, :integer
+      add :hash_type, :string
 
       timestamps()
     end
diff --git a/priv/repo/migrations/20210428210022_create_hashing_algorithm_choice.exs b/priv/repo/migrations/20210428210022_create_hashing_algorithm_choice.exs
@@ -0,0 +1,12 @@
+defmodule PasswordExample.Repo.Migrations.CreateHashingAlgorithmChoice do
+  use Ecto.Migration
+
+  def change do
+    create table(:hashing_algorithm_choice) do
+      add :choice, :string
+
+      timestamps()
+    end
+
+  end
+end
