From c7cd9bd5911f8393fa758e329f8786913a5c321f Mon Sep 17 00:00:00 2001
From: lain <lain@soykaf.club>
Date: Wed, 13 Jan 2021 15:09:01 +0100
Subject: [PATCH 1/6] Password: Add password module

Replaces Pbkdf2.
---
 config/test.exs                |  2 +-
 lib/pleroma/password.ex        | 55 ++++++++++++++++++++++++++++++++++
 test/pleroma/password_test.exs | 35 ++++++++++++++++++++++
 3 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100644 lib/pleroma/password.ex
 create mode 100644 test/pleroma/password_test.exs

diff --git a/config/test.exs b/config/test.exs
index 7fc457463..6f6b18558 100644
--- a/config/test.exs
+++ b/config/test.exs
@@ -53,7 +53,7 @@ config :pleroma, Pleroma.Repo,
 config :pleroma, :dangerzone, override_repo_pool_size: true
 
 # Reduce hash rounds for testing
-config :pbkdf2_elixir, rounds: 1
+config :pleroma, :password, iterations: 1
 
 config :tesla, adapter: Tesla.Mock
 
diff --git a/lib/pleroma/password.ex b/lib/pleroma/password.ex
new file mode 100644
index 000000000..e96249650
--- /dev/null
+++ b/lib/pleroma/password.ex
@@ -0,0 +1,55 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Password do
+  @moduledoc """
+  This module implements Pleroma.Password passwords in terms of Plug.Crypto.
+  """
+
+  alias Plug.Crypto.KeyGenerator
+
+  def decode64(str) do
+    str
+    |> String.replace(".", "+")
+    |> Base.decode64!(padding: false)
+  end
+
+  def encode64(bin) do
+    bin
+    |> Base.encode64(padding: false)
+    |> String.replace("+", ".")
+  end
+
+  def verify_pass(password, hash) do
+    ["pbkdf2-" <> digest, iterations, salt, hash] = String.split(hash, "$", trim: true)
+
+    salt = decode64(salt)
+
+    iterations = String.to_integer(iterations)
+
+    digest = String.to_atom(digest)
+
+    binary_hash =
+      KeyGenerator.generate(password, salt, digest: digest, iterations: iterations, length: 64)
+
+    encode64(binary_hash) == hash
+  end
+
+  def hash_pwd_salt(password, opts \\ []) do
+    salt =
+      Keyword.get_lazy(opts, :salt, fn ->
+        :crypto.strong_rand_bytes(16)
+      end)
+
+    digest = Keyword.get(opts, :digest, :sha512)
+
+    iterations =
+      Keyword.get(opts, :iterations, Pleroma.Config.get([:password, :iterations], 160_000))
+
+    binary_hash =
+      KeyGenerator.generate(password, salt, digest: digest, iterations: iterations, length: 64)
+
+    "$pbkdf2-#{digest}$#{iterations}$#{encode64(salt)}$#{encode64(binary_hash)}"
+  end
+end
diff --git a/test/pleroma/password_test.exs b/test/pleroma/password_test.exs
new file mode 100644
index 000000000..6ed0ca826
--- /dev/null
+++ b/test/pleroma/password_test.exs
@@ -0,0 +1,35 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.PasswordTest do
+  use Pleroma.DataCase, async: true
+
+  alias Pleroma.Password
+
+  test "it generates the same hash as pbkd2_elixir" do
+    # hash = Pleroma.Password.hash_pwd_salt("password")
+    hash =
+      "$pbkdf2-sha512$1$QJpEYw8iBKcnY.4Rm0eCVw$UBPeWQ91RxSv3snxsb/ZzMeG/2aa03c541bbo8vQudREGNta5t8jBQrd00fyJp8RjaqfvgdZxy2rhSwljyu21g"
+
+    # Use the same randomly generated salt
+    salt = Password.decode64("QJpEYw8iBKcnY.4Rm0eCVw")
+
+    assert hash == Password.hash_pwd_salt("password", salt: salt)
+  end
+
+  @tag skip: "Works when Pbkd2 is present. Source: trust me bro"
+  test "Pleroma.Password can verify passwords generated with it" do
+    hash = Password.hash_pwd_salt("password")
+
+    assert Pleroma.Password.verify_pass("password", hash)
+  end
+
+  test "it verifies pbkdf2_elixir hashes" do
+    # hash = Pleroma.Password.hash_pwd_salt("password")
+    hash =
+      "$pbkdf2-sha512$1$QJpEYw8iBKcnY.4Rm0eCVw$UBPeWQ91RxSv3snxsb/ZzMeG/2aa03c541bbo8vQudREGNta5t8jBQrd00fyJp8RjaqfvgdZxy2rhSwljyu21g"
+
+    assert Password.verify_pass("password", hash)
+  end
+end

From 9106048c6191b4b16037980655514d9b5e430023 Mon Sep 17 00:00:00 2001
From: lain <lain@soykaf.club>
Date: Wed, 13 Jan 2021 15:11:11 +0100
Subject: [PATCH 2/6] Password: Replace Pbkdf2 with Password.

---
 benchmarks/load_testing/users.ex               |  2 +-
 lib/pleroma/mfa.ex                             |  2 +-
 lib/pleroma/user.ex                            |  2 +-
 lib/pleroma/web/plugs/authentication_plug.ex   |  2 +-
 mix.exs                                        |  1 -
 test/pleroma/mfa_test.exs                      |  4 ++--
 test/pleroma/web/auth/basic_auth_test.exs      |  2 +-
 .../web/auth/pleroma_authenticator_test.exs    |  2 +-
 .../web/auth/totp_authenticator_test.exs       |  2 +-
 .../web/mongoose_im_controller_test.exs        |  4 ++--
 .../web/o_auth/ldap_authorization_test.exs     |  4 ++--
 .../pleroma/web/o_auth/mfa_controller_test.exs |  4 ++--
 .../web/o_auth/o_auth_controller_test.exs      | 18 +++++++++---------
 .../web/plugs/authentication_plug_test.exs     |  2 +-
 .../twitter_api/password_controller_test.exs   |  2 +-
 .../web/twitter_api/util_controller_test.exs   |  2 +-
 test/support/builders/user_builder.ex          |  2 +-
 test/support/factory.ex                        |  2 +-
 18 files changed, 29 insertions(+), 30 deletions(-)

diff --git a/benchmarks/load_testing/users.ex b/benchmarks/load_testing/users.ex
index 34a904ac2..1815490a4 100644
--- a/benchmarks/load_testing/users.ex
+++ b/benchmarks/load_testing/users.ex
@@ -55,7 +55,7 @@ defmodule Pleroma.LoadTesting.Users do
       name: "Test テスト User #{i}",
       email: "user#{i}@example.com",
       nickname: "nick#{i}",
-      password_hash: Pbkdf2.hash_pwd_salt("test"),
+      password_hash: Pleroma.Password.hash_pwd_salt("test"),
       bio: "Tester Number #{i}",
       local: !remote
     }
diff --git a/lib/pleroma/mfa.ex b/lib/pleroma/mfa.ex
index f43e03a54..29488c876 100644
--- a/lib/pleroma/mfa.ex
+++ b/lib/pleroma/mfa.ex
@@ -71,7 +71,7 @@ defmodule Pleroma.MFA do
   @spec generate_backup_codes(User.t()) :: {:ok, list(binary)} | {:error, String.t()}
   def generate_backup_codes(%User{} = user) do
     with codes <- BackupCodes.generate(),
-         hashed_codes <- Enum.map(codes, &Pbkdf2.hash_pwd_salt/1),
+         hashed_codes <- Enum.map(codes, &Pleroma.Password.hash_pwd_salt/1),
          changeset <- Changeset.cast_backup_codes(user, hashed_codes),
          {:ok, _} <- User.update_and_set_cache(changeset) do
       {:ok, codes}
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index cd0c64acc..04e6ffd51 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -2187,7 +2187,7 @@ defmodule Pleroma.User do
   defp put_password_hash(
          %Ecto.Changeset{valid?: true, changes: %{password: password}} = changeset
        ) do
-    change(changeset, password_hash: Pbkdf2.hash_pwd_salt(password))
+    change(changeset, password_hash: Pleroma.Password.hash_pwd_salt(password))
   end
 
   defp put_password_hash(changeset), do: changeset
diff --git a/lib/pleroma/web/plugs/authentication_plug.ex b/lib/pleroma/web/plugs/authentication_plug.ex
index c3e13858a..f7a2a3ab7 100644
--- a/lib/pleroma/web/plugs/authentication_plug.ex
+++ b/lib/pleroma/web/plugs/authentication_plug.ex
@@ -48,7 +48,7 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlug do
   end
 
   def checkpw(password, "$pbkdf2" <> _ = password_hash) do
-    Pbkdf2.verify_pass(password, password_hash)
+    Pleroma.Password.verify_pass(password, password_hash)
   end
 
   def checkpw(_password, _password_hash) do
diff --git a/mix.exs b/mix.exs
index f26a5391a..14448f12f 100644
--- a/mix.exs
+++ b/mix.exs
@@ -125,7 +125,6 @@ defmodule Pleroma.Mixfile do
       {:postgrex, ">= 0.15.5"},
       {:oban, "~> 2.1.0"},
       {:gettext, "~> 0.18"},
-      {:pbkdf2_elixir, "~> 1.2"},
       {:bcrypt_elixir, "~> 2.2"},
       {:trailing_format_plug, "~> 0.0.7"},
       {:fast_sanitize, "~> 0.2.0"},
diff --git a/test/pleroma/mfa_test.exs b/test/pleroma/mfa_test.exs
index 29e478892..db68fc1ca 100644
--- a/test/pleroma/mfa_test.exs
+++ b/test/pleroma/mfa_test.exs
@@ -30,8 +30,8 @@ defmodule Pleroma.MFATest do
       {:ok, [code1, code2]} = MFA.generate_backup_codes(user)
       updated_user = refresh_record(user)
       [hash1, hash2] = updated_user.multi_factor_authentication_settings.backup_codes
-      assert Pbkdf2.verify_pass(code1, hash1)
-      assert Pbkdf2.verify_pass(code2, hash2)
+      assert Pleroma.Password.verify_pass(code1, hash1)
+      assert Pleroma.Password.verify_pass(code2, hash2)
     end
   end
 
diff --git a/test/pleroma/web/auth/basic_auth_test.exs b/test/pleroma/web/auth/basic_auth_test.exs
index f732c7e27..b74516dd6 100644
--- a/test/pleroma/web/auth/basic_auth_test.exs
+++ b/test/pleroma/web/auth/basic_auth_test.exs
@@ -11,7 +11,7 @@ defmodule Pleroma.Web.Auth.BasicAuthTest do
     conn: conn
   } do
     user = insert(:user)
-    assert Pbkdf2.verify_pass("test", user.password_hash)
+    assert Pleroma.Password.verify_pass("test", user.password_hash)
 
     basic_auth_contents =
       (URI.encode_www_form(user.nickname) <> ":" <> URI.encode_www_form("test"))
diff --git a/test/pleroma/web/auth/pleroma_authenticator_test.exs b/test/pleroma/web/auth/pleroma_authenticator_test.exs
index 477cf26ed..ec63e2d41 100644
--- a/test/pleroma/web/auth/pleroma_authenticator_test.exs
+++ b/test/pleroma/web/auth/pleroma_authenticator_test.exs
@@ -11,7 +11,7 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticatorTest do
   setup do
     password = "testpassword"
     name = "AgentSmith"
-    user = insert(:user, nickname: name, password_hash: Pbkdf2.hash_pwd_salt(password))
+    user = insert(:user, nickname: name, password_hash: Pleroma.Password.hash_pwd_salt(password))
     {:ok, [user: user, name: name, password: password]}
   end
 
diff --git a/test/pleroma/web/auth/totp_authenticator_test.exs b/test/pleroma/web/auth/totp_authenticator_test.exs
index 583612454..6d2646b61 100644
--- a/test/pleroma/web/auth/totp_authenticator_test.exs
+++ b/test/pleroma/web/auth/totp_authenticator_test.exs
@@ -34,7 +34,7 @@ defmodule Pleroma.Web.Auth.TOTPAuthenticatorTest do
 
     hashed_codes =
       backup_codes
-      |> Enum.map(&Pbkdf2.hash_pwd_salt(&1))
+      |> Enum.map(&Pleroma.Password.hash_pwd_salt(&1))
 
     user =
       insert(:user,
diff --git a/test/pleroma/web/mongoose_im_controller_test.exs b/test/pleroma/web/mongoose_im_controller_test.exs
index 031db53c8..183a17a02 100644
--- a/test/pleroma/web/mongoose_im_controller_test.exs
+++ b/test/pleroma/web/mongoose_im_controller_test.exs
@@ -41,13 +41,13 @@ defmodule Pleroma.Web.MongooseIMControllerTest do
   end
 
   test "/check_password", %{conn: conn} do
-    user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt("cool"))
+    user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt("cool"))
 
     _deactivated_user =
       insert(:user,
         nickname: "konata",
         deactivated: true,
-        password_hash: Pbkdf2.hash_pwd_salt("cool")
+        password_hash: Pleroma.Password.hash_pwd_salt("cool")
       )
 
     res =
diff --git a/test/pleroma/web/o_auth/ldap_authorization_test.exs b/test/pleroma/web/o_auth/ldap_authorization_test.exs
index 4a2e940fd..9ebd084a5 100644
--- a/test/pleroma/web/o_auth/ldap_authorization_test.exs
+++ b/test/pleroma/web/o_auth/ldap_authorization_test.exs
@@ -18,7 +18,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
   @tag @skip
   test "authorizes the existing user using LDAP credentials" do
     password = "testpassword"
-    user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
+    user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password))
     app = insert(:oauth_app, scopes: ["read", "write"])
 
     host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
@@ -101,7 +101,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
   @tag @skip
   test "disallow authorization for wrong LDAP credentials" do
     password = "testpassword"
-    user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
+    user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password))
     app = insert(:oauth_app, scopes: ["read", "write"])
 
     host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
diff --git a/test/pleroma/web/o_auth/mfa_controller_test.exs b/test/pleroma/web/o_auth/mfa_controller_test.exs
index 9fc1e0ec2..dacf03b2b 100644
--- a/test/pleroma/web/o_auth/mfa_controller_test.exs
+++ b/test/pleroma/web/o_auth/mfa_controller_test.exs
@@ -20,7 +20,7 @@ defmodule Pleroma.Web.OAuth.MFAControllerTest do
       insert(:user,
         multi_factor_authentication_settings: %MFA.Settings{
           enabled: true,
-          backup_codes: [Pbkdf2.hash_pwd_salt("test-code")],
+          backup_codes: [Pleroma.Password.hash_pwd_salt("test-code")],
           totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
         }
       )
@@ -246,7 +246,7 @@ defmodule Pleroma.Web.OAuth.MFAControllerTest do
 
       hashed_codes =
         backup_codes
-        |> Enum.map(&Pbkdf2.hash_pwd_salt(&1))
+        |> Enum.map(&Pleroma.Password.hash_pwd_salt(&1))
 
       user =
         insert(:user,
diff --git a/test/pleroma/web/o_auth/o_auth_controller_test.exs b/test/pleroma/web/o_auth/o_auth_controller_test.exs
index f01fdf660..1c5438cc2 100644
--- a/test/pleroma/web/o_auth/o_auth_controller_test.exs
+++ b/test/pleroma/web/o_auth/o_auth_controller_test.exs
@@ -316,7 +316,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
            app: app,
            conn: conn
          } do
-      user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt("testpassword"))
+      user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt("testpassword"))
       registration = insert(:registration, user: nil)
       redirect_uri = OAuthController.default_redirect_uri(app)
 
@@ -347,7 +347,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
            app: app,
            conn: conn
          } do
-      user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt("testpassword"))
+      user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt("testpassword"))
       registration = insert(:registration, user: nil)
       unlisted_redirect_uri = "http://cross-site-request.com"
 
@@ -790,7 +790,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
     test "issues a token for `password` grant_type with valid credentials, with full permissions by default" do
       password = "testpassword"
-      user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
+      user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password))
 
       app = insert(:oauth_app, scopes: ["read", "write"])
 
@@ -818,7 +818,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
       user =
         insert(:user,
-          password_hash: Pbkdf2.hash_pwd_salt(password),
+          password_hash: Pleroma.Password.hash_pwd_salt(password),
           multi_factor_authentication_settings: %MFA.Settings{
             enabled: true,
             totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
@@ -927,7 +927,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
       password = "testpassword"
 
       {:ok, user} =
-        insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
+        insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password))
         |> User.confirmation_changeset(need_confirmation: true)
         |> User.update_and_set_cache()
 
@@ -955,7 +955,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
       user =
         insert(:user,
-          password_hash: Pbkdf2.hash_pwd_salt(password),
+          password_hash: Pleroma.Password.hash_pwd_salt(password),
           deactivated: true
         )
 
@@ -983,7 +983,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
       user =
         insert(:user,
-          password_hash: Pbkdf2.hash_pwd_salt(password),
+          password_hash: Pleroma.Password.hash_pwd_salt(password),
           password_reset_pending: true
         )
 
@@ -1012,7 +1012,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
       user =
         insert(:user,
-          password_hash: Pbkdf2.hash_pwd_salt(password),
+          password_hash: Pleroma.Password.hash_pwd_salt(password),
           confirmation_pending: true
         )
 
@@ -1038,7 +1038,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
     test "rejects token exchange for valid credentials belonging to an unapproved user" do
       password = "testpassword"
 
-      user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password), approval_pending: true)
+      user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password), approval_pending: true)
 
       refute Pleroma.User.account_status(user) == :active
 
diff --git a/test/pleroma/web/plugs/authentication_plug_test.exs b/test/pleroma/web/plugs/authentication_plug_test.exs
index 9d66681ce..4a0ff6710 100644
--- a/test/pleroma/web/plugs/authentication_plug_test.exs
+++ b/test/pleroma/web/plugs/authentication_plug_test.exs
@@ -17,7 +17,7 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlugTest do
     user = %User{
       id: 1,
       name: "dude",
-      password_hash: Pbkdf2.hash_pwd_salt("guy")
+      password_hash: Pleroma.Password.hash_pwd_salt("guy")
     }
 
     conn =
diff --git a/test/pleroma/web/twitter_api/password_controller_test.exs b/test/pleroma/web/twitter_api/password_controller_test.exs
index a552af4c3..880f097cb 100644
--- a/test/pleroma/web/twitter_api/password_controller_test.exs
+++ b/test/pleroma/web/twitter_api/password_controller_test.exs
@@ -92,7 +92,7 @@ defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do
       assert response =~ "<h2>Password changed!</h2>"
 
       user = refresh_record(user)
-      assert Pbkdf2.verify_pass("test", user.password_hash)
+      assert Pleroma.Password.verify_pass("test", user.password_hash)
       assert Enum.empty?(Token.get_user_tokens(user))
     end
 
diff --git a/test/pleroma/web/twitter_api/util_controller_test.exs b/test/pleroma/web/twitter_api/util_controller_test.exs
index 882122848..923be8fae 100644
--- a/test/pleroma/web/twitter_api/util_controller_test.exs
+++ b/test/pleroma/web/twitter_api/util_controller_test.exs
@@ -397,7 +397,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
 
       assert json_response(conn, 200) == %{"status" => "success"}
       fetched_user = User.get_cached_by_id(user.id)
-      assert Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true
+      assert Pleroma.Password.verify_pass("newpass", fetched_user.password_hash) == true
     end
   end
 
diff --git a/test/support/builders/user_builder.ex b/test/support/builders/user_builder.ex
index 0c687c029..27470498d 100644
--- a/test/support/builders/user_builder.ex
+++ b/test/support/builders/user_builder.ex
@@ -7,7 +7,7 @@ defmodule Pleroma.Builders.UserBuilder do
       email: "test@example.org",
       name: "Test Name",
       nickname: "testname",
-      password_hash: Pbkdf2.hash_pwd_salt("test"),
+      password_hash: Pleroma.Password.hash_pwd_salt("test"),
       bio: "A tester.",
       ap_id: "some id",
       last_digest_emailed_at: NaiveDateTime.truncate(NaiveDateTime.utc_now(), :second),
diff --git a/test/support/factory.ex b/test/support/factory.ex
index bf7121901..53b1dfd09 100644
--- a/test/support/factory.ex
+++ b/test/support/factory.ex
@@ -29,7 +29,7 @@ defmodule Pleroma.Factory do
       name: sequence(:name, &"Test テスト User #{&1}"),
       email: sequence(:email, &"user#{&1}@example.com"),
       nickname: sequence(:nickname, &"nick#{&1}"),
-      password_hash: Pbkdf2.hash_pwd_salt("test"),
+      password_hash: Pleroma.Password.hash_pwd_salt("test"),
       bio: sequence(:bio, &"Tester Number #{&1}"),
       is_discoverable: true,
       last_digest_emailed_at: NaiveDateTime.utc_now(),

From aff83eb7c12b08164c29c134e619cf116127c423 Mon Sep 17 00:00:00 2001
From: Lain Soykaf <lain@lain.com>
Date: Wed, 13 Jan 2021 16:00:12 +0100
Subject: [PATCH 3/6] Linting

---
 test/pleroma/web/o_auth/o_auth_controller_test.exs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/test/pleroma/web/o_auth/o_auth_controller_test.exs b/test/pleroma/web/o_auth/o_auth_controller_test.exs
index 1c5438cc2..c6ee7b7e8 100644
--- a/test/pleroma/web/o_auth/o_auth_controller_test.exs
+++ b/test/pleroma/web/o_auth/o_auth_controller_test.exs
@@ -1038,7 +1038,11 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
     test "rejects token exchange for valid credentials belonging to an unapproved user" do
       password = "testpassword"
 
-      user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password), approval_pending: true)
+      user =
+        insert(:user,
+          password_hash: Pleroma.Password.hash_pwd_salt(password),
+          approval_pending: true
+        )
 
       refute Pleroma.User.account_status(user) == :active
 

From 87a31c5c9b903517ec0317d2a331be36f2ea5051 Mon Sep 17 00:00:00 2001
From: Lain Soykaf <lain@lain.com>
Date: Thu, 14 Jan 2021 14:49:39 +0100
Subject: [PATCH 4/6] Password -> Password.Pbkdf2

---
 lib/pleroma/password/pbkdf2.ex        | 55 +++++++++++++++++++++++++++
 test/pleroma/password/pbkdf2_test.exs | 35 +++++++++++++++++
 2 files changed, 90 insertions(+)
 create mode 100644 lib/pleroma/password/pbkdf2.ex
 create mode 100644 test/pleroma/password/pbkdf2_test.exs

diff --git a/lib/pleroma/password/pbkdf2.ex b/lib/pleroma/password/pbkdf2.ex
new file mode 100644
index 000000000..747bc1d1d
--- /dev/null
+++ b/lib/pleroma/password/pbkdf2.ex
@@ -0,0 +1,55 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Password.Pbkdf2 do
+  @moduledoc """
+  This module implements Pleroma.Password.Pbkdf2 passwords in terms of Plug.Crypto.
+  """
+
+  alias Plug.Crypto.KeyGenerator
+
+  def decode64(str) do
+    str
+    |> String.replace(".", "+")
+    |> Base.decode64!(padding: false)
+  end
+
+  def encode64(bin) do
+    bin
+    |> Base.encode64(padding: false)
+    |> String.replace("+", ".")
+  end
+
+  def verify_pass(password, hash) do
+    ["pbkdf2-" <> digest, iterations, salt, hash] = String.split(hash, "$", trim: true)
+
+    salt = decode64(salt)
+
+    iterations = String.to_integer(iterations)
+
+    digest = String.to_atom(digest)
+
+    binary_hash =
+      KeyGenerator.generate(password, salt, digest: digest, iterations: iterations, length: 64)
+
+    encode64(binary_hash) == hash
+  end
+
+  def hash_pwd_salt(password, opts \\ []) do
+    salt =
+      Keyword.get_lazy(opts, :salt, fn ->
+        :crypto.strong_rand_bytes(16)
+      end)
+
+    digest = Keyword.get(opts, :digest, :sha512)
+
+    iterations =
+      Keyword.get(opts, :iterations, Pleroma.Config.get([:password, :iterations], 160_000))
+
+    binary_hash =
+      KeyGenerator.generate(password, salt, digest: digest, iterations: iterations, length: 64)
+
+    "$pbkdf2-#{digest}$#{iterations}$#{encode64(salt)}$#{encode64(binary_hash)}"
+  end
+end
diff --git a/test/pleroma/password/pbkdf2_test.exs b/test/pleroma/password/pbkdf2_test.exs
new file mode 100644
index 000000000..4acbda939
--- /dev/null
+++ b/test/pleroma/password/pbkdf2_test.exs
@@ -0,0 +1,35 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Password.Pbkdf2Test do
+  use Pleroma.DataCase, async: true
+
+  alias Pleroma.Password.Pbkdf2
+
+  test "it generates the same hash as pbkd2_elixir" do
+    # hash = Pleroma.Password.Pbkdf2.hash_pwd_salt("password")
+    hash =
+      "$pbkdf2-sha512$1$QJpEYw8iBKcnY.4Rm0eCVw$UBPeWQ91RxSv3snxsb/ZzMeG/2aa03c541bbo8vQudREGNta5t8jBQrd00fyJp8RjaqfvgdZxy2rhSwljyu21g"
+
+    # Use the same randomly generated salt
+    salt = Password.decode64("QJpEYw8iBKcnY.4Rm0eCVw")
+
+    assert hash == Password.hash_pwd_salt("password", salt: salt)
+  end
+
+  @tag skip: "Works when Pbkd2 is present. Source: trust me bro"
+  test "Pleroma.Password.Pbkdf2 can verify passwords generated with it" do
+    hash = Password.hash_pwd_salt("password")
+
+    assert Pleroma.Password.Pbkdf2.verify_pass("password", hash)
+  end
+
+  test "it verifies pbkdf2_elixir hashes" do
+    # hash = Pleroma.Password.Pbkdf2.hash_pwd_salt("password")
+    hash =
+      "$pbkdf2-sha512$1$QJpEYw8iBKcnY.4Rm0eCVw$UBPeWQ91RxSv3snxsb/ZzMeG/2aa03c541bbo8vQudREGNta5t8jBQrd00fyJp8RjaqfvgdZxy2rhSwljyu21g"
+
+    assert Password.verify_pass("password", hash)
+  end
+end

From 39f3683a06aea3d6aed85c611b0db0f6ea21052a Mon Sep 17 00:00:00 2001
From: Lain Soykaf <lain@lain.com>
Date: Thu, 14 Jan 2021 15:06:16 +0100
Subject: [PATCH 5/6] Pbkdf2: Use it everywhere.

---
 benchmarks/load_testing/users.ex              |  2 +-
 lib/pleroma/mfa.ex                            |  2 +-
 lib/pleroma/password.ex                       | 55 -------------------
 lib/pleroma/password/pbkdf2.ex                |  2 +-
 lib/pleroma/user.ex                           |  2 +-
 lib/pleroma/web/plugs/authentication_plug.ex  |  2 +-
 test/pleroma/mfa_test.exs                     |  4 +-
 test/pleroma/password/pbkdf2_test.exs         | 14 ++---
 test/pleroma/password_test.exs                | 35 ------------
 test/pleroma/web/auth/basic_auth_test.exs     |  2 +-
 .../web/auth/pleroma_authenticator_test.exs   |  2 +-
 .../web/auth/totp_authenticator_test.exs      |  2 +-
 .../web/mongoose_im_controller_test.exs       |  4 +-
 .../web/o_auth/ldap_authorization_test.exs    |  4 +-
 .../web/o_auth/mfa_controller_test.exs        |  4 +-
 .../web/o_auth/o_auth_controller_test.exs     | 18 +++---
 .../web/plugs/authentication_plug_test.exs    |  2 +-
 .../twitter_api/password_controller_test.exs  |  2 +-
 .../web/twitter_api/util_controller_test.exs  |  2 +-
 test/support/builders/user_builder.ex         |  2 +-
 test/support/factory.ex                       |  2 +-
 21 files changed, 37 insertions(+), 127 deletions(-)
 delete mode 100644 lib/pleroma/password.ex
 delete mode 100644 test/pleroma/password_test.exs

diff --git a/benchmarks/load_testing/users.ex b/benchmarks/load_testing/users.ex
index 1815490a4..0a33cbfdb 100644
--- a/benchmarks/load_testing/users.ex
+++ b/benchmarks/load_testing/users.ex
@@ -55,7 +55,7 @@ defmodule Pleroma.LoadTesting.Users do
       name: "Test テスト User #{i}",
       email: "user#{i}@example.com",
       nickname: "nick#{i}",
-      password_hash: Pleroma.Password.hash_pwd_salt("test"),
+      password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt("test"),
       bio: "Tester Number #{i}",
       local: !remote
     }
diff --git a/lib/pleroma/mfa.ex b/lib/pleroma/mfa.ex
index 29488c876..02dce7d49 100644
--- a/lib/pleroma/mfa.ex
+++ b/lib/pleroma/mfa.ex
@@ -71,7 +71,7 @@ defmodule Pleroma.MFA do
   @spec generate_backup_codes(User.t()) :: {:ok, list(binary)} | {:error, String.t()}
   def generate_backup_codes(%User{} = user) do
     with codes <- BackupCodes.generate(),
-         hashed_codes <- Enum.map(codes, &Pleroma.Password.hash_pwd_salt/1),
+         hashed_codes <- Enum.map(codes, &Pleroma.Password.Pbkdf2.hash_pwd_salt/1),
          changeset <- Changeset.cast_backup_codes(user, hashed_codes),
          {:ok, _} <- User.update_and_set_cache(changeset) do
       {:ok, codes}
diff --git a/lib/pleroma/password.ex b/lib/pleroma/password.ex
deleted file mode 100644
index e96249650..000000000
--- a/lib/pleroma/password.ex
+++ /dev/null
@@ -1,55 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Password do
-  @moduledoc """
-  This module implements Pleroma.Password passwords in terms of Plug.Crypto.
-  """
-
-  alias Plug.Crypto.KeyGenerator
-
-  def decode64(str) do
-    str
-    |> String.replace(".", "+")
-    |> Base.decode64!(padding: false)
-  end
-
-  def encode64(bin) do
-    bin
-    |> Base.encode64(padding: false)
-    |> String.replace("+", ".")
-  end
-
-  def verify_pass(password, hash) do
-    ["pbkdf2-" <> digest, iterations, salt, hash] = String.split(hash, "$", trim: true)
-
-    salt = decode64(salt)
-
-    iterations = String.to_integer(iterations)
-
-    digest = String.to_atom(digest)
-
-    binary_hash =
-      KeyGenerator.generate(password, salt, digest: digest, iterations: iterations, length: 64)
-
-    encode64(binary_hash) == hash
-  end
-
-  def hash_pwd_salt(password, opts \\ []) do
-    salt =
-      Keyword.get_lazy(opts, :salt, fn ->
-        :crypto.strong_rand_bytes(16)
-      end)
-
-    digest = Keyword.get(opts, :digest, :sha512)
-
-    iterations =
-      Keyword.get(opts, :iterations, Pleroma.Config.get([:password, :iterations], 160_000))
-
-    binary_hash =
-      KeyGenerator.generate(password, salt, digest: digest, iterations: iterations, length: 64)
-
-    "$pbkdf2-#{digest}$#{iterations}$#{encode64(salt)}$#{encode64(binary_hash)}"
-  end
-end
diff --git a/lib/pleroma/password/pbkdf2.ex b/lib/pleroma/password/pbkdf2.ex
index 747bc1d1d..2fd5f4491 100644
--- a/lib/pleroma/password/pbkdf2.ex
+++ b/lib/pleroma/password/pbkdf2.ex
@@ -4,7 +4,7 @@
 
 defmodule Pleroma.Password.Pbkdf2 do
   @moduledoc """
-  This module implements Pleroma.Password.Pbkdf2 passwords in terms of Plug.Crypto.
+  This module implements Pbkdf2 passwords in terms of Plug.Crypto.
   """
 
   alias Plug.Crypto.KeyGenerator
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index 04e6ffd51..6a81adfd6 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -2187,7 +2187,7 @@ defmodule Pleroma.User do
   defp put_password_hash(
          %Ecto.Changeset{valid?: true, changes: %{password: password}} = changeset
        ) do
-    change(changeset, password_hash: Pleroma.Password.hash_pwd_salt(password))
+    change(changeset, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password))
   end
 
   defp put_password_hash(changeset), do: changeset
diff --git a/lib/pleroma/web/plugs/authentication_plug.ex b/lib/pleroma/web/plugs/authentication_plug.ex
index f7a2a3ab7..8d58169cf 100644
--- a/lib/pleroma/web/plugs/authentication_plug.ex
+++ b/lib/pleroma/web/plugs/authentication_plug.ex
@@ -48,7 +48,7 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlug do
   end
 
   def checkpw(password, "$pbkdf2" <> _ = password_hash) do
-    Pleroma.Password.verify_pass(password, password_hash)
+    Pleroma.Password.Pbkdf2.verify_pass(password, password_hash)
   end
 
   def checkpw(_password, _password_hash) do
diff --git a/test/pleroma/mfa_test.exs b/test/pleroma/mfa_test.exs
index db68fc1ca..76ba1a99d 100644
--- a/test/pleroma/mfa_test.exs
+++ b/test/pleroma/mfa_test.exs
@@ -30,8 +30,8 @@ defmodule Pleroma.MFATest do
       {:ok, [code1, code2]} = MFA.generate_backup_codes(user)
       updated_user = refresh_record(user)
       [hash1, hash2] = updated_user.multi_factor_authentication_settings.backup_codes
-      assert Pleroma.Password.verify_pass(code1, hash1)
-      assert Pleroma.Password.verify_pass(code2, hash2)
+      assert Pleroma.Password.Pbkdf2.verify_pass(code1, hash1)
+      assert Pleroma.Password.Pbkdf2.verify_pass(code2, hash2)
     end
   end
 
diff --git a/test/pleroma/password/pbkdf2_test.exs b/test/pleroma/password/pbkdf2_test.exs
index 4acbda939..e55348f9a 100644
--- a/test/pleroma/password/pbkdf2_test.exs
+++ b/test/pleroma/password/pbkdf2_test.exs
@@ -5,10 +5,10 @@
 defmodule Pleroma.Password.Pbkdf2Test do
   use Pleroma.DataCase, async: true
 
-  alias Pleroma.Password.Pbkdf2
+  alias Pleroma.Password.Pbkdf2, as: Password
 
   test "it generates the same hash as pbkd2_elixir" do
-    # hash = Pleroma.Password.Pbkdf2.hash_pwd_salt("password")
+    # hash = Pbkdf2.hash_pwd_salt("password")
     hash =
       "$pbkdf2-sha512$1$QJpEYw8iBKcnY.4Rm0eCVw$UBPeWQ91RxSv3snxsb/ZzMeG/2aa03c541bbo8vQudREGNta5t8jBQrd00fyJp8RjaqfvgdZxy2rhSwljyu21g"
 
@@ -19,14 +19,14 @@ defmodule Pleroma.Password.Pbkdf2Test do
   end
 
   @tag skip: "Works when Pbkd2 is present. Source: trust me bro"
-  test "Pleroma.Password.Pbkdf2 can verify passwords generated with it" do
-    hash = Password.hash_pwd_salt("password")
-
-    assert Pleroma.Password.Pbkdf2.verify_pass("password", hash)
+  test "Pbkdf2 can verify passwords generated with it" do
+    # Commented to prevent warnings.
+    # hash = Password.hash_pwd_salt("password")
+    # assert Pbkdf2.verify_pass("password", hash)
   end
 
   test "it verifies pbkdf2_elixir hashes" do
-    # hash = Pleroma.Password.Pbkdf2.hash_pwd_salt("password")
+    # hash = Pbkdf2.hash_pwd_salt("password")
     hash =
       "$pbkdf2-sha512$1$QJpEYw8iBKcnY.4Rm0eCVw$UBPeWQ91RxSv3snxsb/ZzMeG/2aa03c541bbo8vQudREGNta5t8jBQrd00fyJp8RjaqfvgdZxy2rhSwljyu21g"
 
diff --git a/test/pleroma/password_test.exs b/test/pleroma/password_test.exs
deleted file mode 100644
index 6ed0ca826..000000000
--- a/test/pleroma/password_test.exs
+++ /dev/null
@@ -1,35 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.PasswordTest do
-  use Pleroma.DataCase, async: true
-
-  alias Pleroma.Password
-
-  test "it generates the same hash as pbkd2_elixir" do
-    # hash = Pleroma.Password.hash_pwd_salt("password")
-    hash =
-      "$pbkdf2-sha512$1$QJpEYw8iBKcnY.4Rm0eCVw$UBPeWQ91RxSv3snxsb/ZzMeG/2aa03c541bbo8vQudREGNta5t8jBQrd00fyJp8RjaqfvgdZxy2rhSwljyu21g"
-
-    # Use the same randomly generated salt
-    salt = Password.decode64("QJpEYw8iBKcnY.4Rm0eCVw")
-
-    assert hash == Password.hash_pwd_salt("password", salt: salt)
-  end
-
-  @tag skip: "Works when Pbkd2 is present. Source: trust me bro"
-  test "Pleroma.Password can verify passwords generated with it" do
-    hash = Password.hash_pwd_salt("password")
-
-    assert Pleroma.Password.verify_pass("password", hash)
-  end
-
-  test "it verifies pbkdf2_elixir hashes" do
-    # hash = Pleroma.Password.hash_pwd_salt("password")
-    hash =
-      "$pbkdf2-sha512$1$QJpEYw8iBKcnY.4Rm0eCVw$UBPeWQ91RxSv3snxsb/ZzMeG/2aa03c541bbo8vQudREGNta5t8jBQrd00fyJp8RjaqfvgdZxy2rhSwljyu21g"
-
-    assert Password.verify_pass("password", hash)
-  end
-end
diff --git a/test/pleroma/web/auth/basic_auth_test.exs b/test/pleroma/web/auth/basic_auth_test.exs
index b74516dd6..2816aae4c 100644
--- a/test/pleroma/web/auth/basic_auth_test.exs
+++ b/test/pleroma/web/auth/basic_auth_test.exs
@@ -11,7 +11,7 @@ defmodule Pleroma.Web.Auth.BasicAuthTest do
     conn: conn
   } do
     user = insert(:user)
-    assert Pleroma.Password.verify_pass("test", user.password_hash)
+    assert Pleroma.Password.Pbkdf2.verify_pass("test", user.password_hash)
 
     basic_auth_contents =
       (URI.encode_www_form(user.nickname) <> ":" <> URI.encode_www_form("test"))
diff --git a/test/pleroma/web/auth/pleroma_authenticator_test.exs b/test/pleroma/web/auth/pleroma_authenticator_test.exs
index ec63e2d41..edaf9eecb 100644
--- a/test/pleroma/web/auth/pleroma_authenticator_test.exs
+++ b/test/pleroma/web/auth/pleroma_authenticator_test.exs
@@ -11,7 +11,7 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticatorTest do
   setup do
     password = "testpassword"
     name = "AgentSmith"
-    user = insert(:user, nickname: name, password_hash: Pleroma.Password.hash_pwd_salt(password))
+    user = insert(:user, nickname: name, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password))
     {:ok, [user: user, name: name, password: password]}
   end
 
diff --git a/test/pleroma/web/auth/totp_authenticator_test.exs b/test/pleroma/web/auth/totp_authenticator_test.exs
index 6d2646b61..ac4209f2d 100644
--- a/test/pleroma/web/auth/totp_authenticator_test.exs
+++ b/test/pleroma/web/auth/totp_authenticator_test.exs
@@ -34,7 +34,7 @@ defmodule Pleroma.Web.Auth.TOTPAuthenticatorTest do
 
     hashed_codes =
       backup_codes
-      |> Enum.map(&Pleroma.Password.hash_pwd_salt(&1))
+      |> Enum.map(&Pleroma.Password.Pbkdf2.hash_pwd_salt(&1))
 
     user =
       insert(:user,
diff --git a/test/pleroma/web/mongoose_im_controller_test.exs b/test/pleroma/web/mongoose_im_controller_test.exs
index 183a17a02..a7225d45c 100644
--- a/test/pleroma/web/mongoose_im_controller_test.exs
+++ b/test/pleroma/web/mongoose_im_controller_test.exs
@@ -41,13 +41,13 @@ defmodule Pleroma.Web.MongooseIMControllerTest do
   end
 
   test "/check_password", %{conn: conn} do
-    user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt("cool"))
+    user = insert(:user, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt("cool"))
 
     _deactivated_user =
       insert(:user,
         nickname: "konata",
         deactivated: true,
-        password_hash: Pleroma.Password.hash_pwd_salt("cool")
+        password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt("cool")
       )
 
     res =
diff --git a/test/pleroma/web/o_auth/ldap_authorization_test.exs b/test/pleroma/web/o_auth/ldap_authorization_test.exs
index 9ebd084a5..61b9ce6b7 100644
--- a/test/pleroma/web/o_auth/ldap_authorization_test.exs
+++ b/test/pleroma/web/o_auth/ldap_authorization_test.exs
@@ -18,7 +18,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
   @tag @skip
   test "authorizes the existing user using LDAP credentials" do
     password = "testpassword"
-    user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password))
+    user = insert(:user, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password))
     app = insert(:oauth_app, scopes: ["read", "write"])
 
     host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
@@ -101,7 +101,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
   @tag @skip
   test "disallow authorization for wrong LDAP credentials" do
     password = "testpassword"
-    user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password))
+    user = insert(:user, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password))
     app = insert(:oauth_app, scopes: ["read", "write"])
 
     host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
diff --git a/test/pleroma/web/o_auth/mfa_controller_test.exs b/test/pleroma/web/o_auth/mfa_controller_test.exs
index dacf03b2b..17bbde85b 100644
--- a/test/pleroma/web/o_auth/mfa_controller_test.exs
+++ b/test/pleroma/web/o_auth/mfa_controller_test.exs
@@ -20,7 +20,7 @@ defmodule Pleroma.Web.OAuth.MFAControllerTest do
       insert(:user,
         multi_factor_authentication_settings: %MFA.Settings{
           enabled: true,
-          backup_codes: [Pleroma.Password.hash_pwd_salt("test-code")],
+          backup_codes: [Pleroma.Password.Pbkdf2.hash_pwd_salt("test-code")],
           totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
         }
       )
@@ -246,7 +246,7 @@ defmodule Pleroma.Web.OAuth.MFAControllerTest do
 
       hashed_codes =
         backup_codes
-        |> Enum.map(&Pleroma.Password.hash_pwd_salt(&1))
+        |> Enum.map(&Pleroma.Password.Pbkdf2.hash_pwd_salt(&1))
 
       user =
         insert(:user,
diff --git a/test/pleroma/web/o_auth/o_auth_controller_test.exs b/test/pleroma/web/o_auth/o_auth_controller_test.exs
index c6ee7b7e8..bf47afed8 100644
--- a/test/pleroma/web/o_auth/o_auth_controller_test.exs
+++ b/test/pleroma/web/o_auth/o_auth_controller_test.exs
@@ -316,7 +316,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
            app: app,
            conn: conn
          } do
-      user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt("testpassword"))
+      user = insert(:user, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt("testpassword"))
       registration = insert(:registration, user: nil)
       redirect_uri = OAuthController.default_redirect_uri(app)
 
@@ -347,7 +347,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
            app: app,
            conn: conn
          } do
-      user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt("testpassword"))
+      user = insert(:user, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt("testpassword"))
       registration = insert(:registration, user: nil)
       unlisted_redirect_uri = "http://cross-site-request.com"
 
@@ -790,7 +790,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
     test "issues a token for `password` grant_type with valid credentials, with full permissions by default" do
       password = "testpassword"
-      user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password))
+      user = insert(:user, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password))
 
       app = insert(:oauth_app, scopes: ["read", "write"])
 
@@ -818,7 +818,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
       user =
         insert(:user,
-          password_hash: Pleroma.Password.hash_pwd_salt(password),
+          password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password),
           multi_factor_authentication_settings: %MFA.Settings{
             enabled: true,
             totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
@@ -927,7 +927,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
       password = "testpassword"
 
       {:ok, user} =
-        insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password))
+        insert(:user, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password))
         |> User.confirmation_changeset(need_confirmation: true)
         |> User.update_and_set_cache()
 
@@ -955,7 +955,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
       user =
         insert(:user,
-          password_hash: Pleroma.Password.hash_pwd_salt(password),
+          password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password),
           deactivated: true
         )
 
@@ -983,7 +983,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
       user =
         insert(:user,
-          password_hash: Pleroma.Password.hash_pwd_salt(password),
+          password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password),
           password_reset_pending: true
         )
 
@@ -1012,7 +1012,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
       user =
         insert(:user,
-          password_hash: Pleroma.Password.hash_pwd_salt(password),
+          password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password),
           confirmation_pending: true
         )
 
@@ -1040,7 +1040,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 
       user =
         insert(:user,
-          password_hash: Pleroma.Password.hash_pwd_salt(password),
+          password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password),
           approval_pending: true
         )
 
diff --git a/test/pleroma/web/plugs/authentication_plug_test.exs b/test/pleroma/web/plugs/authentication_plug_test.exs
index 4a0ff6710..118ab302a 100644
--- a/test/pleroma/web/plugs/authentication_plug_test.exs
+++ b/test/pleroma/web/plugs/authentication_plug_test.exs
@@ -17,7 +17,7 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlugTest do
     user = %User{
       id: 1,
       name: "dude",
-      password_hash: Pleroma.Password.hash_pwd_salt("guy")
+      password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt("guy")
     }
 
     conn =
diff --git a/test/pleroma/web/twitter_api/password_controller_test.exs b/test/pleroma/web/twitter_api/password_controller_test.exs
index 880f097cb..cf99e2434 100644
--- a/test/pleroma/web/twitter_api/password_controller_test.exs
+++ b/test/pleroma/web/twitter_api/password_controller_test.exs
@@ -92,7 +92,7 @@ defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do
       assert response =~ "<h2>Password changed!</h2>"
 
       user = refresh_record(user)
-      assert Pleroma.Password.verify_pass("test", user.password_hash)
+      assert Pleroma.Password.Pbkdf2.verify_pass("test", user.password_hash)
       assert Enum.empty?(Token.get_user_tokens(user))
     end
 
diff --git a/test/pleroma/web/twitter_api/util_controller_test.exs b/test/pleroma/web/twitter_api/util_controller_test.exs
index 923be8fae..6d007ab66 100644
--- a/test/pleroma/web/twitter_api/util_controller_test.exs
+++ b/test/pleroma/web/twitter_api/util_controller_test.exs
@@ -397,7 +397,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
 
       assert json_response(conn, 200) == %{"status" => "success"}
       fetched_user = User.get_cached_by_id(user.id)
-      assert Pleroma.Password.verify_pass("newpass", fetched_user.password_hash) == true
+      assert Pleroma.Password.Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true
     end
   end
 
diff --git a/test/support/builders/user_builder.ex b/test/support/builders/user_builder.ex
index 27470498d..6bccbb35a 100644
--- a/test/support/builders/user_builder.ex
+++ b/test/support/builders/user_builder.ex
@@ -7,7 +7,7 @@ defmodule Pleroma.Builders.UserBuilder do
       email: "test@example.org",
       name: "Test Name",
       nickname: "testname",
-      password_hash: Pleroma.Password.hash_pwd_salt("test"),
+      password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt("test"),
       bio: "A tester.",
       ap_id: "some id",
       last_digest_emailed_at: NaiveDateTime.truncate(NaiveDateTime.utc_now(), :second),
diff --git a/test/support/factory.ex b/test/support/factory.ex
index 53b1dfd09..bf9592064 100644
--- a/test/support/factory.ex
+++ b/test/support/factory.ex
@@ -29,7 +29,7 @@ defmodule Pleroma.Factory do
       name: sequence(:name, &"Test テスト User #{&1}"),
       email: sequence(:email, &"user#{&1}@example.com"),
       nickname: sequence(:nickname, &"nick#{&1}"),
-      password_hash: Pleroma.Password.hash_pwd_salt("test"),
+      password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt("test"),
       bio: sequence(:bio, &"Tester Number #{&1}"),
       is_discoverable: true,
       last_digest_emailed_at: NaiveDateTime.utc_now(),

From c4b74c9c3fcf926de374f512e8b218e6785448e5 Mon Sep 17 00:00:00 2001
From: Lain Soykaf <lain@lain.com>
Date: Thu, 14 Jan 2021 16:01:14 +0100
Subject: [PATCH 6/6] Linting.

---
 test/pleroma/web/auth/pleroma_authenticator_test.exs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/test/pleroma/web/auth/pleroma_authenticator_test.exs b/test/pleroma/web/auth/pleroma_authenticator_test.exs
index edaf9eecb..b1397c523 100644
--- a/test/pleroma/web/auth/pleroma_authenticator_test.exs
+++ b/test/pleroma/web/auth/pleroma_authenticator_test.exs
@@ -11,7 +11,13 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticatorTest do
   setup do
     password = "testpassword"
     name = "AgentSmith"
-    user = insert(:user, nickname: name, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password))
+
+    user =
+      insert(:user,
+        nickname: name,
+        password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password)
+      )
+
     {:ok, [user: user, name: name, password: password]}
   end