NAME

Mojolicious::Plugin::Passphrase - Securely hash and validate your passwords.

VERSION

version 0.003

SYNOPSIS

# Mojolicious::Lite

# set your own cost
plugin Passphrase => { encoder => 'Argon2' };

# Mojolicious

sub startup {
  my $self = shift;

  $self->plugin(Passphrase => { encoder => 'Argon2' });
}

DESCRIPTION

This module plugs Crypt::Passphrase into your Mojolicious application. It takes a Crypt::Passphrase configuration as its configuration and exposes its methods as helpers. This way it allows you to define a single scheme that will be used for new passwords, but several schemes to check passwords against. It will be able to tell you if you should rehash your password, not only because the scheme is outdated, but also because the desired parameters have changed.

HELPERS

hash_password

Crypts a password via the encoder algorithm and returns the resulting crypted value.

my $crypted_password = $c->hash_password($plaintext_password);

verify_password

Validates a password against a crypted password (from your database, for example):

if ($c->verify_password($plaintext_password, $crypted_password)) {
  # Authenticated
} else {
  # Uh oh...
}

password_needs_rehash

Checks if a hash needs rehashing.

if ($c->verify_password($plaintext_password, $crypted_password)) {
  if ($c->password_needs_rehash($crypted_password)) {
    my $new_hash = $c->hash_password($plaintext_password);
    # store new hash to the database
  }
}

SEE ALSO

• DBIx::Class::CryptColumn

• Mojolicious::Plugin::BcryptSecure

AUTHOR

Leon Timmermans <leont@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2023 by Leon Timmermans.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.