mirror of
https://github.com/simple-login/app.git
synced 2024-09-28 20:51:29 +02:00
app.pw_models: Refactor, use constant-time equality
parent
ecd74b801b
commit
586654e08e
@ -9,20 +9,16 @@ _NORMALIZATION_FORM = "NFKC"
|
|||||||
|
|
||||||
|
|
||||||
class PasswordOracle:
|
class PasswordOracle:
|
||||||
salt = db.Column(db.String(128), nullable=True)
|
|
||||||
password = db.Column(db.String(128), nullable=True)
|
password = db.Column(db.String(128), nullable=True)
|
||||||
|
|
||||||
def set_password(self, password):
|
def set_password(self, password):
|
||||||
password = unicodedata.normalize(_NORMALIZATION_FORM, password)
|
password = unicodedata.normalize(_NORMALIZATION_FORM, password)
|
||||||
salt = bcrypt.gensalt()
|
salt = bcrypt.gensalt()
|
||||||
password_hash = bcrypt.hashpw(password.encode(), salt).decode()
|
self.password = bcrypt.hashpw(password.encode(), salt).decode()
|
||||||
self.salt = salt.decode()
|
|
||||||
self.password = password_hash
|
|
||||||
|
|
||||||
def check_password(self, password) -> bool:
|
def check_password(self, password) -> bool:
|
||||||
if not self.password:
|
if not self.password:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
password = unicodedata.normalize(_NORMALIZATION_FORM, password)
|
password = unicodedata.normalize(_NORMALIZATION_FORM, password)
|
||||||
password_hash = bcrypt.hashpw(password.encode(), self.salt.encode())
|
return bcrypt.checkpw(password.encode(), self.password.encode())
|
||||||
return self.password.encode() == password_hash
|
|
||||||
|
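Review bot: Neither `set_password` nor `check_password` bounds the length of the encoded password before it reaches bcrypt, which only uses the first 72 bytes of its input. Depending on the installed bcrypt version, longer input is either silently truncated, so two long passphrases sharing a 72-byte prefix verify as the same password, or rejected with an exception that `check_password` does not handle despite its `-> bool` annotation. An explicit check after the NFKC normalization would make the behaviour deterministic, for example `if len(password.encode()) > 72: raise ValueError("password too long")` in `set_password` and a matching `return False` in `check_password`. The class body may continue outside this hunk, so a caller-side limit could already exist.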
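--- /dev/null
+++ b/migrations/versions/2021_052917_a5eb5158c4d7_.py
@@ -0,0 +1,29 @@
+"""empty message
+
+Revision ID: a5eb5158c4d7
+Revises: 68e2f38e33f4
+Create Date: 2021-05-29 17:41:32.149720
+
+"""
+import sqlalchemy_utils
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = 'a5eb5158c4d7'
+down_revision = '68e2f38e33f4'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+# ### commands auto generated by Alembic - please adjust! ###
+op.drop_column('users', 'salt')
+# ### end Alembic commands ###
+
+
+def downgrade():
+# ### commands auto generated by Alembic - please adjust! ###
+op.add_column('users', sa.Column('salt', sa.VARCHAR(length=128), autoincrement=False, nullable=True))
+# ### end Alembic commands ###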
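Review bot: `downgrade()` re-creates `users.salt` as an empty nullable column, so the values dropped by `upgrade()` are not restored. The pre-commit `check_password` calls `self.salt.encode()`, which would fail on `None` for every existing row if the code and schema were rolled back together. A comment in `downgrade()` would make the schema-only rollback explicit, for example `# NOTE: salt values are not restored; the bcrypt hash in users.password already embeds the salt`. Separately, `import sqlalchemy_utils` appears unused in this file and could be dropped.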