Merge pull request #27 from WebEngineering2/bcrypt

Updated api to use bcrypt
2022-03-27 20:42:58 +02:00 · 2022-03-27 20:42:58 +02:00 · be6714371e
commit be6714371e
parent 948ef0c179 48e97ea406
3 changed files with 6 additions and 8 deletions
--- a/api/helper_functions.py
+++ b/api/helper_functions.py
@ -1,7 +1,6 @@
-import hashlib
 import os
-import uuid

+import bcrypt
 import jwt
 from apiflask import abort
 from flask import request, jsonify
@ -11,13 +10,11 @@ from models import User


 def hash_password(password):
-    salt = uuid.uuid4().hex
-    return hashlib.sha256(salt.encode() + password.encode()).hexdigest() + ':' + salt
+    return bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt())


 def check_password(hashed_password, user_password):
-    password, salt = hashed_password.split(':')
-    return password == hashlib.sha256(salt.encode() + user_password.encode()).hexdigest()
+    return bcrypt.checkpw(hashed_password.encode("utf-8"), user_password)


 def get_token():
--- a/api/models.py
+++ b/api/models.py
@ -4,7 +4,7 @@ from db import db
 class User(db.Model):
    __tablename__ = 'users'
    email = db.Column('email', db.String(255), primary_key=True, nullable=False, unique=True)
-    password = db.Column('password', db.String(255), nullable=False, server_default='')
+    password = db.Column('password', db.BINARY(60), nullable=False)
    username = db.Column('username', db.String(255), nullable=False, server_default='')
    telegram_user_id = db.Column('telegram_user_id', db.String(255), nullable=True, server_default='')
    admin = db.Column('admin', db.Boolean(), server_default='0')
--- a/api/requirements.txt
+++ b/api/requirements.txt
@ -6,4 +6,5 @@ python-dotenv==0.20.0
 pymysql==1.0.2
 pyjwt==2.3.0
 apiflask==0.12.0
-flask-cors==3.0.10
+flask-cors==3.0.10
+bcrypt==3.1.0