lib/carto/user_authenticator.rb
require 'cartodb-common'

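module Carto
  # Password authentication helpers mixed into the login strategy.
  #
  # The flow in #authenticate is: look the account up by email or username,
  # record the login attempt (rate limiting happens here, *before* the password
  # is checked, so failed and successful attempts both count), verify the
  # password, and finally upgrade legacy password hashes to argon2.
  module UserAuthenticator
    # Authenticates a user by email or username and password.
    #
    # @param email [String] email or username as typed by the user; it is
    #   stripped and downcased before the lookup
    # @param password [String] plaintext password to verify
    # @return [::User, nil] the matching user when the password is valid,
    #   +nil+ when no account matches or the password is wrong
    # @raise [UncaughtThrowError] indirectly, via #login_attempt, when the
    #   account is rate limited and no +:warden+ catch is active
    def authenticate(email, password)
      sanitized_input = email.strip.downcase
      # Parameterized query: the user-supplied value is bound, not interpolated.
      candidate = ::User.filter("email = ? OR username = ?", sanitized_input, sanitized_input).first
      return unless candidate

      # Count the attempt before verifying, so wrong passwords feed the limiter.
      login_attempt(candidate)
      return unless valid_password?(candidate, password)

      reencrypt_password(candidate, password)
      candidate
    end

    # Checks +password+ against the stored hash of +candidate+.
    #
    # @param candidate [::User] account whose +crypted_password+ is compared
    # @param password [String] plaintext password
    # @return [Boolean] whatever EncryptionService.verify reports
    def valid_password?(candidate, password)
      Carto::Common::EncryptionService.verify(password: password, secure_password: candidate.crypted_password,
                                              secret: Cartodb.config[:password_secret])
    end

    # Registers a password login attempt and aborts the strategy when the
    # account is rate limited.
    #
    # @param user [::User] account being logged into
    # @return [void]
    # @raise [UncaughtThrowError] throws +:warden+ with +action: :password_locked+
    #   and the +retry_after+ value when the attempt is rate limited
    def login_attempt(user)
      retry_after = user.password_login_attempt
      return if retry_after == ::User::LOGIN_NOT_RATE_LIMITED

      throw(:warden, action: :password_locked, retry_after: retry_after)
    end

    # Upgrades a legacy password hash to argon2 on a successful login.
    #
    # Only runs when the stored hash is not already argon2; the plaintext
    # password is available here only because it was just verified.
    #
    # @param candidate [::User] account whose hash may be upgraded
    # @param password [String] freshly verified plaintext password
    # @return [void]
    def reencrypt_password(candidate, password)
      encrypter = Carto::Common::EncryptionService
      return if encrypter.argon2?(candidate.crypted_password)

      candidate.crypted_password = encrypter.encrypt(password: password, secret: Cartodb.config[:password_secret])
      candidate.update_in_central
      candidate.save
    end
  end
end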