Hash password

This commit is contained in:
Emily 2019-04-26 06:23:40 +01:00
parent e9a24588a0
commit 72d196ee7f
3 changed files with 14 additions and 4 deletions

View File

@ -56,9 +56,8 @@ class User(UserMixin):
SELECT * SELECT *
FROM Bruker FROM Bruker
WHERE Epost = %s WHERE Epost = %s
AND Passord = %s
LIMIT 1; LIMIT 1;
""", login) """, (login[0],))
user = cur.fetchone() user = cur.fetchone()
@ -67,6 +66,9 @@ class User(UserMixin):
if user is None: if user is None:
raise Exception("Invalid login") raise Exception("Invalid login")
if not glob.check_password(login[1], user[2]):
raise Exception("Incorrect password")
self.id, self.email, self.password, self.firstname, self.surname = user self.id, self.email, self.password, self.firstname, self.surname = user
def register_account(email, password, firstname, surname): def register_account(email, password, firstname, surname):
@ -77,7 +79,7 @@ def register_account(email, password, firstname, surname):
INSERT INTO INSERT INTO
Bruker (Epost, Passord, Fornavn, Etternavn) Bruker (Epost, Passord, Fornavn, Etternavn)
VALUES (%s, %s, %s, %s); VALUES (%s, %s, %s, %s);
""", (email, password, firstname, surname)) """, (email, glob.hash_password(password), firstname, surname))
conn.commit() conn.commit()
cur.close() cur.close()

View File

@ -2,6 +2,7 @@ import os
import json import json
import shutil import shutil
import mysql.connector import mysql.connector
import bcrypt
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Global variables that is None by default and gets overwritten in other modules # Global variables that is None by default and gets overwritten in other modules
@ -27,3 +28,9 @@ def get_sql_connection():
if sql_conn is None or not sql_conn.is_connected(): if sql_conn is None or not sql_conn.is_connected():
sql_conn = make_sql_connection() sql_conn = make_sql_connection()
return sql_conn return sql_conn
def hash_password(password):
return bcrypt.hashpw(password.encode(), bcrypt.gensalt(10, prefix=b"2a")).decode()
def check_password(p1, p2):
return bcrypt.checkpw(p1.encode(), p2.encode())

View File

@ -1,3 +1,4 @@
Flask>=1.0.2 Flask>=1.0.2
Flask-WTF>=0.14.2 Flask-WTF>=0.14.2
flask_login>=0.4.1 flask_login>=0.4.1
bcrypt