mirror of
https://github.com/simple-login/app.git
synced 2024-09-27 20:31:30 +02:00
app.pw_models: Refactor, use constant-time equality
This commit is contained in:
parent
ecd74b801b
commit
586654e08e
@ -9,20 +9,16 @@ _NORMALIZATION_FORM = "NFKC"
|
||||
|
||||
|
||||
class PasswordOracle:
|
||||
salt = db.Column(db.String(128), nullable=True)
|
||||
password = db.Column(db.String(128), nullable=True)
|
||||
|
||||
def set_password(self, password):
|
||||
password = unicodedata.normalize(_NORMALIZATION_FORM, password)
|
||||
salt = bcrypt.gensalt()
|
||||
password_hash = bcrypt.hashpw(password.encode(), salt).decode()
|
||||
self.salt = salt.decode()
|
||||
self.password = password_hash
|
||||
self.password = bcrypt.hashpw(password.encode(), salt).decode()
|
||||
|
||||
def check_password(self, password) -> bool:
|
||||
if not self.password:
|
||||
return False
|
||||
|
||||
password = unicodedata.normalize(_NORMALIZATION_FORM, password)
|
||||
password_hash = bcrypt.hashpw(password.encode(), self.salt.encode())
|
||||
return self.password.encode() == password_hash
|
||||
return bcrypt.checkpw(password.encode(), self.password.encode())
|
||||
|
29
migrations/versions/2021_052917_a5eb5158c4d7_.py
Normal file
29
migrations/versions/2021_052917_a5eb5158c4d7_.py
Normal file
@ -0,0 +1,29 @@
|
||||
"""empty message
|
||||
|
||||
Revision ID: a5eb5158c4d7
|
||||
Revises: 68e2f38e33f4
|
||||
Create Date: 2021-05-29 17:41:32.149720
|
||||
|
||||
"""
|
||||
import sqlalchemy_utils
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
|
||||
|
||||
# revision identifiers, used by Alembic.
|
||||
revision = 'a5eb5158c4d7'
|
||||
down_revision = '68e2f38e33f4'
|
||||
branch_labels = None
|
||||
depends_on = None
|
||||
|
||||
|
||||
def upgrade():
|
||||
# ### commands auto generated by Alembic - please adjust! ###
|
||||
op.drop_column('users', 'salt')
|
||||
# ### end Alembic commands ###
|
||||
|
||||
|
||||
def downgrade():
|
||||
# ### commands auto generated by Alembic - please adjust! ###
|
||||
op.add_column('users', sa.Column('salt', sa.VARCHAR(length=128), autoincrement=False, nullable=True))
|
||||
# ### end Alembic commands ###
|
Loading…
Reference in New Issue
Block a user