✨ Update default hasher to argon2id.

2025-05-13 12:56:38 +02:00 · 2020-12-03 12:59:23 +01:00 · 2020-12-03 12:59:23 +01:00 · c21dc7ea7f
commit c21dc7ea7f
parent b92045f905
2 changed files with 15 additions and 5 deletions
--- a/backend/deps.edn
+++ b/backend/deps.edn
@ -38,9 +38,9 @@
  funcool/promesa {:mvn/version "5.1.0"}
  funcool/cuerdas {:mvn/version "2020.03.26-3"}
-  buddy/buddy-core {:mvn/version "1.8.0"}
+  buddy/buddy-core {:mvn/version "1.9.0"}
-  buddy/buddy-hashers {:mvn/version "1.6.0"}
+  buddy/buddy-hashers {:mvn/version "1.7.0"}
-  buddy/buddy-sign {:mvn/version "3.2.0"}
+  buddy/buddy-sign {:mvn/version "3.3.0"}
  lambdaisland/uri {:mvn/version "1.4.54"
                    :exclusions [org.clojure/data.json]}
--- a/backend/src/app/services/mutations/profile.clj
+++ b/backend/src/app/services/mutations/profile.clj
@ -27,6 +27,7 @@
   [app.util.time :as dt]
   [buddy.hashers :as hashers]
   [clojure.spec.alpha :as s]
   [clojure.tools.logging :as log]
   [cuerdas.core :as str]))
 ;; --- Helpers & Specs
@ -138,11 +139,20 @@
 (defn- derive-password
  [password]
-  (hashers/derive password {:alg :bcrypt+sha512}))
+  (hashers/derive password
                  {:alg :argon2id
                   :memory 16384
                   :iterations 20
                   :parallelism 2}))
 (defn- verify-password
  [attempt password]
-  (hashers/verify attempt password))
+  (try
    (hashers/verify attempt password)
    (catch Exception e
      (log/warnf e "Error on verify password (only informative, nothing affected to user).")
      {:update false
       :valid false})))
 (defn- create-profile
  "Create the profile entry on the database with limited input