Koha::AuthUtils - utility routines for authentication
use Koha::AuthUtils qw/hash_password/;
my $hash = hash_password($password);
This module provides utility functions related to managing user passwords.
my $hash = Koha::AuthUtils::hash_password($password, $settings);
Hash $password using Bcrypt. Accepts an extra $settings parameter for salt. If $settings is not passed, a new salt is generated.
WARNING: As of bug 28772, at least one DBRev uses this code; if this method's implementation is changed in the future, that DBRev should be taken care of.
my $salt = Koha::AuthUtils::generate_salt($strength, $length);
For general password salting, a $strength of 'weak' is recommended. For generating a server-salt, a $strength of 'strong' is recommended.
'strong' uses /dev/random which may block until sufficient entropy is achieved. 'weak' uses /dev/urandom and is non-blocking.
$length is a positive integer which specifies the desired length of the returned string.
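An added example (not Koha's own code) of the pattern described for hash_password and generate_salt: a fresh salt is drawn from /dev/urandom when no $settings is given, and passing a stored hash back as $settings reuses its salt so a candidate password can be checked. The helper names, the sample passwords and the cost factor 08 are assumptions; it relies only on Crypt::Eksblowfish::Bcrypt.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(encode);
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);

# Hypothetical helper: read $length random octets from /dev/urandom,
# the non-blocking 'weak' source described above.
sub random_salt {
    my ($length) = @_;
    open( my $fh, '<:raw', '/dev/urandom' ) or die "cannot open /dev/urandom: $!";
    my $read = read( $fh, my $salt, $length );
    close $fh;
    die "short read from /dev/urandom" unless defined $read && $read == $length;
    return $salt;
}

# Hypothetical stand-in for hash_password($password, $settings).
sub demo_hash_password {
    my ( $password, $settings ) = @_;
    # No settings passed: build them with a new 16-octet salt.
    # The cost factor 08 is an assumption made for this example.
    $settings //= '$2a$08$' . en_base64( random_salt(16) );
    # bcrypt() expects octets, so encode the password first.
    return bcrypt( encode( 'UTF-8', $password ), $settings );
}

# Verify by re-hashing the candidate with the stored hash as $settings
# (bcrypt reads cost and salt from its prefix), then compare without
# stopping at the first differing character.
sub demo_verify_password {
    my ( $candidate, $stored_hash ) = @_;
    my $computed = demo_hash_password( $candidate, $stored_hash );
    return 0 unless length($computed) == length($stored_hash);
    my $diff = 0;
    $diff |= ord( substr( $computed, $_, 1 ) ) ^ ord( substr( $stored_hash, $_, 1 ) )
        for 0 .. length($computed) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample passwords, for illustration only.
my $stored = demo_hash_password('correct horse battery staple');
printf "stored hash: %s\n", $stored;
printf "right password verifies: %d\n",
    demo_verify_password( 'correct horse battery staple', $stored );
printf "wrong password verifies: %d\n",
    demo_verify_password( 'Tr0ub4dor&3', $stored );
```

Hashing the same password twice without $settings yields two different hashes, because each call draws its own salt.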
my ( $is_valid, $error ) = is_password_valid( $password, $category );
Returns $is_valid == 1 if the password matches the category's minimum password length and strength, if provided, or the general minPasswordLength and RequireStrongPassword conditions. Otherwise returns $is_valid == 0, and $error will contain the error ('too_short' or 'too_weak').
my $password = generate_password($category);
Generate a password according to category's minimum password length and strength if provided, or to the minPasswordLength and RequireStrongPassword system preferences.
This returns the correct script name, for use in redirecting back to the correct page after showing the login screen. It depends on details of the package Plack configuration, and should not be used outside this context.
Crypt::Eksblowfish::Bcrypt(3)