Admin passwords are stored hashed. Safety third!

master
Marek Baczynski 6 years ago
parent b213966b2d
commit 944d16bfe4

@ -1 +1 @@
{"secret_key":"aihsasodhngfkuabsfh", "marek":{"password":"marek"},"notmarek":{"password":"notmarek"}}
{"secret_key":"aihsasodhngfkuabsfh", "secret_cookie":"IPreferSeaSaltCarmelIceCreamOverAnyLameCookies", "marek":{"password":"kYazQA/Q+o1Uw2p4lY7xqLqUAtV71jUQhKRhg/KRzi4="},"notmarek":{"password":"notmarek"}}
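Review bot: The `notmarek` entry keeps the plaintext value `notmarek`, while `login()` in this commit now compares the stored value against a base64 SHA-256 digest, so that account can no longer match and its password stays readable in the file. It should be regenerated with the new hashing script, as was done for the `marek` entry. `secret_key` and the new `secret_cookie` are also committed in the same tracked file as the hashes, so anyone who can read the repository gets the session-signing key and the pepper together with the digests. Loading both from the environment or an untracked file, and rotating the values already in history, would restore the purpose of the pepper.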

@ -0,0 +1,16 @@
import base64, hashlib
secret_cookie = "IPreferSeaSaltCarmelIceCreamOverAnyLameCookies"
username = input("username: ")
password = input("password: ")
if input("retype password: ") != password:
print ("passwords do not match up! Lern 2 spel your password plz!")
exit()
hasher = hashlib.sha256()
hasher.update(password.encode('utf-8'))
hasher.update(secret_cookie.encode('utf-8'))
hashedpassword = base64.b64encode(hasher.digest()).decode('utf-8')
print ('"{}":{{"password":"{}"}}'.format(username,hashedpassword))
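Review bot: A single SHA-256 pass over the password plus the shared `secret_cookie` (the `hasher.update` lines here, and again in the `login()` hunk of the Flask app) is a fast hash with no per-user salt, so equal passwords give equal stored values and offline guessing is cheap once the admin file is read. A deliberately slow, salted KDF from the standard library such as `hashlib.scrypt`, with a random salt stored next to the digest, would fit; `login()` then has to split the stored value and recompute with the same salt. The prompts also use `input()`, which echoes the password to the terminal; `getpass.getpass()` avoids that (the import line would need `getpass` and `os`). The fragment is printed with `str.format`, so a username containing a quote yields invalid JSON, which `json.dumps` would escape.

```python
# … unchanged: username prompt …
password = getpass.getpass("password: ")
if getpass.getpass("retype password: ") != password:
    # … unchanged: mismatch message and exit …
salt = os.urandom(16)  # per-user salt, stored with the digest
digest = hashlib.scrypt(password.encode('utf-8'), salt=salt, n=2**14, r=8, p=1)
hashedpassword = base64.b64encode(salt + digest).decode('utf-8')
# … unchanged: print of the JSON fragment …
```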

@ -3,7 +3,7 @@ from flask_login import LoginManager, UserMixin, login_required, login_user, log
from PIL import Image, ImageFont, ImageDraw
import qrcode
from io import BytesIO
import json, random, re, string
import json, random, re, string, hashlib, base64
app = Flask(__name__)
systemURL = 'http://192.168.0.11:5000/' #FULL URL with a '/' at the end
@ -30,6 +30,8 @@ with open('admins.json', 'r') as infile:
for key, value in adminfile.items():
if key=='secret_key':
app.secret_key = value
elif key=='secret_cookie':
secret_cookie = value.encode('utf-8')
else:
a = Admin(key, value['password'])
@ -119,7 +121,11 @@ def login():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
if admins[username].password == password:
hasher = hashlib.sha256()
hasher.update(password.encode('utf-8'))
hasher.update(secret_cookie)
hashedpassword = base64.b64encode(hasher.digest()).decode('utf-8')
if admins[username].password == hashedpassword:
login_user(admins[username])
return redirect(request.args.get("next"))
return abort(401)
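Review bot: The new comparison `if admins[username].password == hashedpassword:` still indexes `admins` directly, so, if `admins` is a plain dict, an unknown username raises KeyError and the request ends as a server error instead of the 401 below; `==` on the digest is also not a constant-time comparison. Something like `user = admins.get(username)` followed by `if user is not None and hmac.compare_digest(user.password, hashedpassword):` covers both (`hmac` would join the import line changed in the first hunk). `secret_cookie` is only bound when admins.json contains that key, so a file without it makes `hasher.update(secret_cookie)` fail with NameError at the first login; checking for it at startup with a clear message would be easier to diagnose. login() starts above this hunk.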
