From e03a79b2f8a220f186ae1cc9f4ea1cedf55a2192 Mon Sep 17 00:00:00 2001
From: Johan Viklund <johan.viklund@gmail.com>
Date: Tue, 23 Jun 2009 23:26:34 +0200
Subject: [PATCH] Added password hashing. Closes #13.

---
 bin/generate-password.pl | 18 ++++++++++++++++++
 lib/November.pm          | 10 +++++-----
 t/digest/01-digest.t     | 26 ++++++++++++++++++++++++++
 3 files changed, 49 insertions(+), 5 deletions(-)
 create mode 100644 bin/generate-password.pl
 create mode 100644 t/digest/01-digest.t

diff --git a/bin/generate-password.pl b/bin/generate-password.pl
new file mode 100644
index 0000000..75d06e3
--- /dev/null
+++ b/bin/generate-password.pl
@@ -0,0 +1,18 @@
+use v6;
+
+use Digest;
+
+if ( @*ARGS.elems != 2 ) {
+    say 'This program expects two arguments, the first one should be the';
+    say 'username of the new user and the second one should be the passphrase';
+    say 'of the new user.';
+    say "\nThank You";
+    exit 1;
+}
+
+my ($username, $passphrase) = @*ARGS;
+
+say "The hashed passphrase for $username is:";
+say "  ", digest( digest( $username, 'sha256' ) ~ $passphrase, 'sha256');
+
+# vim: ft=perl6
diff --git a/lib/November.pm b/lib/November.pm
index 2761f24..e14b703 100644
--- a/lib/November.pm
+++ b/lib/November.pm
@@ -2,6 +2,7 @@ use v6;
 
 use Session;
 use Cache;
+use Digest;
 
 class November does Session does Cache {
 
@@ -204,11 +205,10 @@ class November does Session does Cache {
             my %users = self.read_users();
 
             # Yes, this is cheating. Stand by for a real MD5 hasher.
-            if (defined %users{$user_name}
-                and $password eq %users{$user_name}<plain_text>) {
-    #            if Digest::MD5::md5_base64(
-    #                   Digest::MD5::md5_base64($user_name) ~ $password
-    #               ) eq %users{$user_name}<password> {
+            if defined %users{$user_name}
+                and digest(digest($user_name, 'sha256') ~ $password,
+                          'sha256'
+                   ) eq %users{$user_name}<password> {
 
                 my $session_id = self.new_session($user_name);
                 my $session_cookie = "session_id=$session_id";
diff --git a/t/digest/01-digest.t b/t/digest/01-digest.t
new file mode 100644
index 0000000..fc5a557
--- /dev/null
+++ b/t/digest/01-digest.t
@@ -0,0 +1,26 @@
+
+use Test;
+use Digest;
+
+plan 6;
+
+my $text = "The quick brown fox jumps over the lazy dog";
+
+ok(Digest::digest($text)
+    eq "9e107d9d372bb6826bd81d3542a419d6",
+    'Default is MD5');
+ok(Digest::digest($text, "md5")
+    eq "9e107d9d372bb6826bd81d3542a419d6",
+    'MD5 is correct');
+ok(Digest::digest($text, "sha1")
+    eq "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12",
+    'SHA1 is correct');
+ok(Digest::digest($text, "sha256")
+    eq "d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592",
+    'SHA256 is correct');
+ok(Digest::digest($text, "sha512")
+    eq "07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6",
+    'SHA512 is correct');
+ok(Digest::digest($text, "ripemd160")
+    eq "37f332f68db77bd9d7edd4969571ad671cf9dd3b",
+    'ripemd160 is correct');