Refactor: Move bcrypt inside kodein module for easier testing

api/src/routing/AuthController.kt

@@ -4,6 +4,7 @@ import be.vandewalleh.auth.SimpleJWT
 import be.vandewalleh.auth.UserDbIdPrincipal
 import be.vandewalleh.auth.UsernamePasswordCredential
 import be.vandewalleh.extensions.respondStatus
+import be.vandewalleh.features.PasswordHash
 import be.vandewalleh.services.UserService
 import com.auth0.jwt.exceptions.JWTVerificationException
 import io.ktor.application.*
@@ -14,7 +15,6 @@ import io.ktor.response.*
 import io.ktor.routing.*
 import org.kodein.di.Kodein
 import org.kodein.di.generic.instance
-import org.mindrot.jbcrypt.BCrypt
 
 data class RefreshToken(val refreshToken: String)
 data class DualToken(val token: String, val refreshToken: String)
@@ -23,6 +23,7 @@ fun Routing.auth(kodein: Kodein) {
     val authSimpleJwt by kodein.instance<SimpleJWT>("auth")
     val refreshSimpleJwt by kodein.instance<SimpleJWT>("refresh")
     val userService by kodein.instance<UserService>()
+    val passwordHash by kodein.instance<PasswordHash>()
 
     post("/user/login") {
         val credential = call.receive<UsernamePasswordCredential>()
@@ -30,7 +31,7 @@ fun Routing.auth(kodein: Kodein) {
         val user = userService.find(credential.username)
             ?: return@post call.respondStatus(HttpStatusCode.Unauthorized)
 
-        if (!BCrypt.checkpw(credential.password, user.password)) {
+        if (!passwordHash.verify(credential.password, user.password)) {
             return@post call.respondStatus(HttpStatusCode.Unauthorized)
         }
 

api/src/routing/UserController.kt

@@ -12,7 +12,6 @@ import io.ktor.response.*
 import io.ktor.routing.*
 import org.kodein.di.Kodein
 import org.kodein.di.generic.instance
-import org.mindrot.jbcrypt.BCrypt
 
 fun Routing.user(kodein: Kodein) {
     val userService by kodein.instance<UserService>()
@@ -24,9 +23,7 @@ fun Routing.user(kodein: Kodein) {
             if (userService.exists(user.username))
                 return@post call.respondStatus(HttpStatusCode.Conflict)
 
-            val hashedPassword = BCrypt.hashpw(user.password, BCrypt.gensalt())
-
-            val newUser = userService.create(user.username, hashedPassword)
+            val newUser = userService.create(user.username, user.password)
                 ?: return@post call.respondStatus(HttpStatusCode.Conflict)
 
             call.respond(HttpStatusCode.Created, newUser)