108536490: Update encryption for password

app/main/dao/users_dao.py

@@ -1,6 +1,6 @@
 from app import db, login_manager
 from app.models import User
-from app.main.encryption import encrypt
+from app.main.encryption import hashpw
 
 
 @login_manager.user_loader
@@ -9,7 +9,7 @@ def load_user(user_id):
 
 
 def insert_user(user):
-    user.password = encrypt(user.password)
+    user.password = hashpw(user.password)
     db.session.add(user)
     db.session.commit()
 

app/main/encryption.py

@@ -1,7 +1,9 @@
-import hashlib
-from flask import current_app
+from flask.ext.bcrypt import generate_password_hash, check_password_hash
 
 
-def encrypt(value):
-    key = current_app.config['PASS_SECRET_KEY']
-    return hashlib.sha256((key + value).encode('UTF-8')).hexdigest()
+def hashpw(password):
+    return generate_password_hash(password.encode('UTF-8'), 10)
+
+
+def checkpw(password, hashed_password):
+    return check_password_hash(hashed_password, password)

app/main/views/sign_in.py

@@ -7,7 +7,7 @@ from app.main import main
 from app.main.forms import LoginForm
 from app.main.dao import users_dao
 from app.models import User
-from app.main.encryption import encrypt
+from app.main.encryption import checkpw
 
 
 @main.route("/sign-in", methods=(['GET']))
@@ -22,7 +22,7 @@ def process_sign_in():
         user = users_dao.get_user_by_email(form.email_address.data)
         if user is None:
             return jsonify(authorization=False), 401
-        if user.password == encrypt(form.password.data):
+        if checkpw(form.password.data, user.password):
             login_user(user)
         else:
             return jsonify(authorization=False), 401

app/proxy_fix.py

@@ -14,4 +14,4 @@ class CustomProxyFix(object):
 
 
 def init_app(app):
-    app.wsgi_app = CustomProxyFix(app.wsgi_app, app.config.get('HTTP_PROTOCOL', 'http'))
+    app.wsgi_app = CustomProxyFix(app.wsgi_app, app.config.get('HTTP_PROTOCOL', 'http'))

requirements.txt

@@ -3,8 +3,9 @@ Flask-Script==2.0.5
 Flask-Assets==0.11
 Flask-Migrate==1.3.1
 Flask-SQLAlchemy==2.0
-psycopg2==2.6.2
+psycopg2==2.6.1
 SQLAlchemy==1.0.5
 SQLAlchemy-Utils==0.30.5
 Flask-WTF==0.11
-Flask-Login==0.2.11
+Flask-Login==0.2.11
+Flask-Bcrypt==0.6.2

tests/app/main/test_encyption.py

@@ -1,9 +1,17 @@
-from app.main import encryption
+from app.main.encryption import hashpw, checkpw
 
 
-def test_encryption(notifications_admin):
+def test_should_hash_password():
+    password = 'passwordToHash'
+    assert password != hashpw(password)
+
+
+def test_should_check_password():
     value = 's3curePassword!'
+    encrypted = hashpw(value)
+    assert checkpw(value, encrypted) is True
 
-    encrypted = encryption.encrypt(value)
 
-    assert encrypted == encryption.encrypt(value)
+def test_checkpw_should_fail_when_pw_does_not_match():
+    value = hashpw('somePassword')
+    assert checkpw('somethingDifferent', value) is False