From 72d196ee7f4e2209bc960b5831d16d3a20e367fa Mon Sep 17 00:00:00 2001 From: Sunpy Date: Fri, 26 Apr 2019 06:23:40 +0100 Subject: [PATCH] Hash password --- forms/login.py | 8 +++++--- objects/glob.py | 7 +++++++ requirements.txt | 3 ++- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/forms/login.py b/forms/login.py index 8fb2174..51c820c 100644 --- a/forms/login.py +++ b/forms/login.py @@ -56,9 +56,8 @@ class User(UserMixin): SELECT * FROM Bruker WHERE Epost = %s - AND Passord = %s LIMIT 1; - """, login) + """, (login[0],)) user = cur.fetchone() @@ -67,6 +66,9 @@ class User(UserMixin): if user is None: raise Exception("Invalid login") + if not glob.check_password(login[1], user[2]): + raise Exception("Incorrect password") + self.id, self.email, self.password, self.firstname, self.surname = user def register_account(email, password, firstname, surname): @@ -77,7 +79,7 @@ def register_account(email, password, firstname, surname): INSERT INTO Bruker (Epost, Passord, Fornavn, Etternavn) VALUES (%s, %s, %s, %s); - """, (email, password, firstname, surname)) + """, (email, glob.hash_password(password), firstname, surname)) conn.commit() cur.close() diff --git a/objects/glob.py b/objects/glob.py index da3921a..1400ea4 100644 --- a/objects/glob.py +++ b/objects/glob.py @@ -2,6 +2,7 @@ import os import json import shutil import mysql.connector +import bcrypt # ------------------------------------------------------------------------------ # Global variables that is None by default and gets overwritten in other modules @@ -27,3 +28,9 @@ def get_sql_connection(): if sql_conn is None or not sql_conn.is_connected(): sql_conn = make_sql_connection() return sql_conn + +def hash_password(password): + return bcrypt.hashpw(password.encode(), bcrypt.gensalt(10, prefix=b"2a")).decode() + +def check_password(p1, p2): + return bcrypt.checkpw(p1.encode(), p2.encode()) diff --git a/requirements.txt b/requirements.txt index 7c8f664..13a2d6e 100644 --- a/requirements.txt 
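Review bot: The password check added in the second hunk of forms/login.py raises `Exception("Incorrect password")`, while the unknown-email branch just above it raises `Exception("Invalid login")`; if these messages reach the client, they reveal which e-mail addresses are registered. Using one message for both cases, e.g. `raise Exception("Invalid login")`, removes that signal. The unknown-email branch also returns without running bcrypt, so response time still distinguishes the two cases; verifying against a fixed dummy hash when `user is None` would even that out. `user[2]` depends on the column order returned by `SELECT *` in the first hunk, so naming the columns in the query would keep that index stable. The enclosing method starts and ends outside the hunk.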
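Review bot: `check_password` in objects/glob.py passes the stored column value straight to `bcrypt.checkpw`, which raises `ValueError` when that value is not a bcrypt hash. Rows written before this commit presumably hold whatever the old `Passord = %s` comparison matched (likely plaintext), so those accounts would hit an unhandled error at login until they are migrated or reset. In `hash_password`, `bcrypt.gensalt(10, prefix=b"2a")` selects a lower work factor than the library default of 12 and the older `2a` identifier; plain `bcrypt.gensalt()` or a named cost constant would be easier to justify and tune. bcrypt only considers the first 72 bytes of the encoded password, so registration should enforce a length limit before calling `hash_password`. Both helpers also need a one-line docstring saying which argument is the plaintext and which is the stored hash, e.g. `"""Return True if plaintext p1 matches bcrypt hash p2."""`.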
+++ b/requirements.txt @@ -1,3 +1,4 @@ Flask>=1.0.2 Flask-WTF>=0.14.2 -flask_login>=0.4.1 \ No newline at end of file +flask_login>=0.4.1 +bcrypt \ No newline at end of file
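Review bot: `bcrypt` is added without a version bound, while the other entries in requirements.txt use `>=`. A lower bound such as `bcrypt>=<minimum tested version>` (placeholder, to be filled with the version this was tested against) keeps installs from resolving to a release that lacks the `gensalt(..., prefix=...)` argument used in objects/glob.py. Pinning exact versions with hashes in a separate lock file would further limit supply-chain drift.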