From f8d78191530c55269f180c5937f9e3c16e4863cc Mon Sep 17 00:00:00 2001 From: Deon George Date: Sat, 3 May 2025 23:37:32 +1000 Subject: [PATCH] Fix for ARGON2 passwords, they shouldnt be base64 encoded. Fixes #316 --- app/Classes/LDAP/Attribute/Password/Argon2i.php | 6 +++--- tests/server/openldap/schema/modify/99-argon.ldif | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) create mode 100644 tests/server/openldap/schema/modify/99-argon.ldif diff --git a/app/Classes/LDAP/Attribute/Password/Argon2i.php b/app/Classes/LDAP/Attribute/Password/Argon2i.php index a6c8a453..28681fea 100644 --- a/app/Classes/LDAP/Attribute/Password/Argon2i.php +++ b/app/Classes/LDAP/Attribute/Password/Argon2i.php @@ -10,16 +10,16 @@ final class Argon2i extends Base public static function subid(string $password): bool { - return str_starts_with(base64_decode(self::password($password)),self::identifier.'$'); + return str_starts_with(self::password($password),self::identifier.'$'); } public function compare(string $source,string $compare): bool { - return password_verify($compare,base64_decode($this->password($source))); + return password_verify($compare,$this->password($source)); } public function encode(string $password): string { - return sprintf('{%s}%s',self::key,base64_encode(password_hash($password,PASSWORD_ARGON2I))); + return sprintf('{%s}%s',self::key,password_hash($password,PASSWORD_ARGON2I)); } } \ No newline at end of file diff --git a/tests/server/openldap/schema/modify/99-argon.ldif b/tests/server/openldap/schema/modify/99-argon.ldif new file mode 100644 index 00000000..5d7bd88a --- /dev/null +++ b/tests/server/openldap/schema/modify/99-argon.ldif @@ -0,0 +1,4 @@ +dn: cn=z-module{0},cn=config +changetype: modify +add: olcModuleLoad +olcModuleLoad: argon2
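Review bot: compare() and subid() now accept only the raw password_hash() string, so any value the previous encode() stored (base64-wrapped after the `{…}` prefix) will no longer be recognised by subid() and will always fail password_verify() in compare(); the commit has no migration or fallback for those entries. If such values can exist in deployed directories, either state in the upgrade notes that those passwords must be reset, or keep a tolerant read path in compare(): `$hash = $this->password($source);` `if (! str_starts_with($hash,self::identifier.'$')) $hash = (string)base64_decode($hash,TRUE);` `return password_verify($compare,$hash);`. encode() should stay as changed, so that only the raw form is ever written. The class header and the `key`/`identifier` constants are outside the hunk, so the prefix test in the fallback is assumed from the subid() check.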