Update VRS to work with hashes from Pow

I wish this had test coverage but UD is not my focus,
I just wanted this in place in case I do run it again,
it would have been stressful to have it broken.

unmnemonic_devices_vrs/Cargo.toml

@@ -18,7 +18,10 @@ chrono = { version = "0.4.22", default-features = false, features = ["clock"] }
 handlebars = { version = "4", features = ["dir_source"] }
 http = "0.2.9"
 mime = "0.3.16"
+password-hash = "0.5.0"
+pbkdf2 = { version = "0.12", features = ["simple"] }
 reqwest = { version = "0.11", features = ["json"] }
+sha2 = "0.10"
 tokio = { version = "1.0", features = ["full"] }
 toml = "0.7.3"
 tower-http = { version = "0.4", features = ["fs", "trace"] }

unmnemonic_devices_vrs/src/auth.rs

@@ -8,7 +8,10 @@ use axum::{
     http::{request::Parts, StatusCode},
 };
 use base64::{engine::general_purpose, Engine as _};
-use bcrypt::verify;
+use pbkdf2::{
+    password_hash::{PasswordHash, PasswordVerifier},
+    Pbkdf2,
+};
 use serde::Serialize;
 use std::{env, str::from_utf8};
 
@@ -17,7 +20,7 @@ use std::{env, str::from_utf8};
 // A user that is authorized to access admin routes.
 pub struct User;
 
-#[derive(sqlx::FromRow, Serialize)]
+#[derive(sqlx::FromRow, Serialize, Debug)]
 pub struct UserPasswordHash {
     password_hash: String,
 }
@@ -72,12 +75,25 @@ where
                     .fetch_one(&state.db)
                     .await;
 
-                    let user = maybe_user.unwrap_or(UserPasswordHash {
-                        password_hash: "".to_string(),
-                    });
+                    if let Ok(maybe_user) = maybe_user {
+                        let user = UserPasswordHash {
+                            password_hash: maybe_user.password_hash,
+                        };
+
+                        // Pow in Elixir is creating a string with slight differences that are failing to parse
+                        let converted_user_password_hash = user
+                            .password_hash
+                            .replace("==", "")
+                            .replace("$pbkdf2-sha512$100000", "$pbkdf2-sha512$i=100000,l=64");
+
+                        let parsed_hash = PasswordHash::new(&converted_user_password_hash);
 
-                    if verify(password, &user.password_hash).unwrap_or(false) {
-                        return Ok(User);
+                        if Pbkdf2
+                            .verify_password(password.as_bytes(), &parsed_hash.unwrap())
+                            .is_ok()
+                        {
+                            return Ok(User);
+                        }
                     }
                 }
             }

unmnemonic_devices_vrs/tests/fixtures/users-maybe-admin.sql

@@ -11,15 +11,15 @@ VALUES
   (
     '5fd0e43c-2d7a-40d2-8d4c-1546a4428cc6',
     '[email protected]',
-    '$2b$12$y46oK5kINhXmnmOp4twqfODz4z0WR8wWc6XPPOob2fZ.yd6E1zCIS',
+    '$pbkdf2-sha512$100000$YQDYVdAxOPRz3ybRnnbYWw==$+qQJYU5PzVyUVgCiMNiC8KDrya1XhlgPfBVjOnEfXSUP9tq8FzkITJWgp4Q/FjjIrXrFatiB1l2TITqw0IQU6A==',
     TRUE,
     NOW(),
     NOW()
   ),
   (
     'dc3bc4ad-ec08-4d41-8f0c-57603b03d50d',
     '[email protected]',
-    '$2b$12$y46oK5kINhXmnmOp4twqfODz4z0WR8wWc6XPPOob2fZ.yd6E1zCIS',
+    '$pbkdf2-sha512$100000$N9405dEGWU7FdGWEbe/dZA==$ffKo0+JccsA+0wk6RjPrznGqAricoycWpcbmzewLunBYhpbZnSkVgrs4uhcaDDZ03CVyT1G4ptNXX7dAhzCW8w==',
     FALSE,
     NOW(),
     NOW()