Model::Users::Password: verify_password() can receive hashed password

diff --git a/src/newslash_web/lib/Newslash/Model/Users/Passwords.pm b/src/newslash_web/lib/Newslash/Model/Users/Passwords.pm
index c81e1fd..7439ba5 100644 (file)
--- a/src/newslash_web/lib/Newslash/Model/Users/Passwords.pm
+++ b/src/newslash_web/lib/Newslash/Model/Users/Passwords.pm
@@ -118,7 +118,8 @@ sub verify_password {
         $user = $users->select(nickname => $args->{nickname});
     }
 
-    if (!$user) {
+    my $hashed = $user ? $user->{passwd} : $args->{hashed};
+    if (!$hashed) {
         $self->last_error("INVALID_USER");
         return;
     }
@@ -129,15 +130,17 @@ sub verify_password {
         return;
     }
 
-    my $rs = $self->compare_password($password, $user->{passwd});
-    if (!$rs && $self->_compare_password_compat($password,
-                                                $user->{passwd},
-                                                $users->{uid}, 0, 1)) {
-        $self->last_error("INVALID_PASSWORD");
-        return;
+    my $rs = $self->compare_password($password, $hashed);
+    return 1 if $rs;
+
+    if ($user && $self->_compare_password_compat($password,
+                                                 $hashed,
+                                                 $users->{uid}, 0, 1)) {
+        return 1;
     }
 
-    return 1;
+    $self->last_error("INVALID_PASSWORD");
+    return;
 }
 
 #========================================================================