NAME
DBIx::Class::CryptColumn - Automatically hash password/passphrase columns
VERSION
version 0.008
SYNOPSIS
__PACKAGE__->load_components(qw(CryptColumn));
__PACKAGE__->add_columns(
id => {
data_type => 'integer',
is_auto_increment => 1,
},
password => {
data_type => 'text',
inflate_passphrase => {
encoder => 'Argon2',
verify_and_rehash_method => 'verify_and_rehash_password',
},
},
);
__PACKAGE__->set_primary_key('id');
In application code:
# 'plain' will automatically be hashed using the specified
# inflate_passphrase arguments
$rs->create({ password => 'plain' });
my $row = $rs->find({ id => $id });
if ($row->verify_and_rehash_password($given_password)) {
...
}
# equivalent to
if ($row->password->verify_password($given_password)) {
if ($row->password->needs_rehash) {
$row->update({ password => $input });
}
...
}
# Change password
$row->password('new password');
DESCRIPTION
This component can be used to automatically hash password columns using any scheme supported by Crypt::Passphrase whenever the value of these columns is changed, as well as conveniently check if any given password matches the hash.
Its main advantage over other similar DBIx::Class extensions is that it provides the cryptographic agility of Crypt::Passphrase; that means that it allows you to define a single scheme that will be used for new passwords, but several schemes to check passwords against. It will be able to tell you if you should rehash your password, not only because the scheme is outdated, but also because the desired parameters have changed.
ARGUMENTS
In addition to the usual Crypt::Passphrase
arguments, this module takes three extra arguments that each set a method on the row.
verify_method
If this option is set it adds a method with that name to the row class to verify if a password matches the known hash. This method takes a password as its single argument.
rehash_method
If this option is set it will add a method with the given name that checks if a password needs to be rehashed. It takes no arguments.
verify_and_rehash_method
If this option is set it will add a method with the given name that verifies if a password matches the known hash. If it does and the hash needs a rehash it will rehash the password and store the result to the database. In either case it returns the result of the verification. This method takes a password as its only argument. This option is recommended over the others for most deployments.
METHODS
register_column
Chains with the register_column
method in DBIx::Class::Row
, and sets up passphrase columns according to the options documented above. This would not normally be directly called by end users.
set_column
Hash a passphrase column whenever it is set.
set_inflated_column
Sets an inflated password column that does not need to be hashed again.
new
Hash all passphrase columns on new()
so that copy()
, create()
, and others DWIM.
SEE ALSO
AUTHOR
Leon Timmermans <leont@cpan.org>
COPYRIGHT AND LICENSE
This software is copyright (c) 2023 by Leon Timmermans.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.