[interchange] Add support for password promote from plain text.

Peter Ajamian interchange-cvs at icdevgroup.org
Thu Oct 1 11:21:35 UTC 2015


commit 79727189b8229dbbf77bc50973a2b4b17afe4044
Author: Peter Ajamian <peter at pajamian.dhs.org>
Date:   Fri Oct 2 00:03:16 2015 +1300

    Add support for password promote from plain text.
    
    Adds a new UserDB option, "from_plain" that when set to 1 along with the
    promote option will cause Interchange to assume that all current passwords are
    plain text unless they meet the criteria of the new encryption scheme.  Note
    that this is not perfect as it is possible for plain text passwords to appear to
    Interchange as if they are already encrypted, and if Interchange thinks they
    look like the encryption scheme that you're promoting to, either by password
    length, or by a regexp match in the case of bcrypt then Interchange will not
    promote the password and assuming it is already encrypted the login will fail.
    While not a perfect solution to the issue of gracefully promoting passwords from
    plain text this is a "better than nothing" approach.
    
    To use this option, specify the following in your catalog.cfg in addition to the
    other option changes necessary to convert to encrypted passwords:
    
        UserDB foo promote 1
        UserDB foo from_plain 1
    
    Note that it is not recommended that you simply set this and forget in order to
    promote plain text passwords.  Having plain text passwords in your DB is now
    considered extremely bad practice and if you simply attempt to promote them via
    this method you will still have a large number of plain text passwords in your
    db for some time to come.  It is instead recommended that you use this method in
    conjunction with another method to convert all remaining passwords as quickly as
    possible.  This is simply in place as a means to help you avoid downtime of your
    site while the passwords are being promoted.

 lib/Vend/UserDB.pm |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
---
diff --git a/lib/Vend/UserDB.pm b/lib/Vend/UserDB.pm
index c22fac9..85acb8f 100644
--- a/lib/Vend/UserDB.pm
+++ b/lib/Vend/UserDB.pm
@@ -1743,6 +1743,7 @@ sub login {
 				$cur_method ||= 'default';
 
 				my $stored_by = $enc_id{ determine_cipher($db_pass) };
+				my $from_sub = $self->{OPTIONS}{from_plain} ? sub {$_[1]} : $enc_subs{$stored_by};
 
 				if (
 					$cur_method ne $stored_by
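Review bot: on the added `my $from_sub = ...` line, setting from_plain swaps in the identity sub `sub {$_[1]}` for every row regardless of `$stored_by`, so a row that determine_cipher attributes to some other, older scheme is also compared as a literal string instead of going through `$enc_subs{$stored_by}`. If that is intended (the commit message says every password not matching the new scheme is assumed to be plain text), state it in a comment here and note that `$_[1]` is the submitted `$pw`; otherwise restrict the identity sub to rows that determine_cipher does not attribute to a hashing scheme. The diffstat shows only lib/Vend/UserDB.pm changed, so the new from_plain option also needs an entry in the UserDB option documentation.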
@@ -1751,7 +1752,7 @@ sub login {
 					&&
 					bcost($self->{OPTIONS}) != bcost($self->{OPTIONS}, bmarshal($db_pass))
 					and
-					$db_pass eq $enc_subs{$stored_by}->($self, $pw, $db_pass)
+					$db_pass eq $from_sub->($self, $pw, $db_pass)
 				) {
 
 					my $newpass = $enc_subs{$cur_method}->($self, $pw, Vend::Util::random_string(2));
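Review bot: the changed comparison `$db_pass eq $from_sub->($self, $pw, $db_pass)` is only reached when `$cur_method ne $stored_by`, so a plain-text password that determine_cipher classifies as the current scheme never gets the plain-text comparison, and the commit message confirms that the login then fails. Nothing in this hunk records that case; consider logging it, and logging each successful from_plain promotion, so the operator can find the rows that still need converting by other means.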


