diff --git a/app/main/dao/users_dao.py b/app/main/dao/users_dao.py
index 0ebb54b6d..59a23568c 100644
--- a/app/main/dao/users_dao.py
+++ b/app/main/dao/users_dao.py
@@ -1,6 +1,6 @@
 from app import db, login_manager
 from app.models import User
-from app.main.encryption import encrypt
+from app.main.encryption import hashpw
 @login_manager.user_loader
@@ -9,7 +9,7 @@ def load_user(user_id):
 def insert_user(user):
- user.password = encrypt(user.password)
+ user.password = hashpw(user.password)
 db.session.add(user)
 db.session.commit()
diff --git a/app/main/encryption.py b/app/main/encryption.py
index b070fe4aa..27aff9e25 100644
--- a/app/main/encryption.py
+++ b/app/main/encryption.py
@@ -1,7 +1,9 @@
-import hashlib
-from flask import current_app
+from flask.ext.bcrypt import generate_password_hash, check_password_hash
-def encrypt(value):
- key = current_app.config['PASS_SECRET_KEY']
- return hashlib.sha256((key + value).encode('UTF-8')).hexdigest()
+def hashpw(password):
+ return generate_password_hash(password.encode('UTF-8'), 10)
+
+
+ def checkpw(password, hashed_password):
+ return check_password_hash(hashed_password, password)
diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py
index 78011390f..d5d3677c2 100644
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -7,7 +7,7 @@ from app.main import main
 from app.main.forms import LoginForm
 from app.main.dao import users_dao
 from app.models import User
-from app.main.encryption import encrypt
+from app.main.encryption import checkpw
 @main.route("/sign-in", methods=(['GET']))
@@ -22,7 +22,7 @@ def process_sign_in():
 user = users_dao.get_user_by_email(form.email_address.data)
 if user is None:
 return jsonify(authorization=False), 401
- if user.password == encrypt(form.password.data):
+ if checkpw(form.password.data, user.password):
 login_user(user)
 else:
 return jsonify(authorization=False), 401
diff --git a/app/proxy_fix.py b/app/proxy_fix.py
index a31496411..a572672d7 100644
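Review bot: In the encryption.py hunk, `checkpw` hands stored values to `check_password_hash`, which only understands bcrypt strings, so any password already written by the old `encrypt` (a keyed SHA-256 hex digest) can no longer be verified and those accounts are locked out; the commit ships no re-hash-on-login or migration step, and I cannot tell from the diff whether such rows exist, so this needs confirming before deploy (the users_dao.py `insert_user` hunk is the only write path changed). The work factor `10` is hard-coded in `hashpw`; the extension reads `BCRYPT_LOG_ROUNDS` from the app config when a `Bcrypt(app)` instance is used, which keeps the cost tunable per environment, and at minimum a comment such as `# bcrypt log rounds; raise as hardware gets faster` should sit on that line. `hashpw` encodes the password to bytes before hashing while `checkpw` passes the str through, which works but is an asymmetry worth a one-line comment or unifying on one form. `flask.ext.bcrypt` is the deprecated compatibility namespace; `from flask_bcrypt import generate_password_hash, check_password_hash` is the module's real import path.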
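Review bot: In the second sign_in.py hunk the `user is None` branch returns 401 before any hashing happens, while a known address always pays the bcrypt cost in `checkpw`, so the response time now separates registered from unregistered e-mail addresses far more clearly than the old SHA-256 compare did. Verifying the submitted password against a fixed placeholder bcrypt hash in the `user is None` branch before returning, e.g. `checkpw(form.password.data, DUMMY_HASH)` with `DUMMY_HASH` a module constant produced once by `hashpw`, makes both paths do the same work. Both failure branches already return the identical body and status, which should stay that way. `process_sign_in` starts outside the hunk, so I cannot see what form validation precedes this.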
--- a/app/proxy_fix.py
+++ b/app/proxy_fix.py
@@ -14,4 +14,4 @@ class CustomProxyFix(object):
 def init_app(app):
- app.wsgi_app = CustomProxyFix(app.wsgi_app, app.config.get('HTTP_PROTOCOL', 'http'))
\ No newline at end of file
+ app.wsgi_app = CustomProxyFix(app.wsgi_app, app.config.get('HTTP_PROTOCOL', 'http'))
diff --git a/requirements.txt b/requirements.txt
index 379db7cd1..9ac4a3971 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,8 +3,9 @@ Flask-Script==2.0.5
 Flask-Assets==0.11
 Flask-Migrate==1.3.1
 Flask-SQLAlchemy==2.0
-psycopg2==2.6.2
+psycopg2==2.6.1
 SQLAlchemy==1.0.5
 SQLAlchemy-Utils==0.30.5
 Flask-WTF==0.11
-Flask-Login==0.2.11
\ No newline at end of file
+Flask-Login==0.2.11
+Flask-Bcrypt==0.6.2
\ No newline at end of file
diff --git a/tests/app/main/test_encyption.py b/tests/app/main/test_encyption.py
index a85aa59d9..9339dd1e3 100644
--- a/tests/app/main/test_encyption.py
+++ b/tests/app/main/test_encyption.py
@@ -1,9 +1,17 @@
-from app.main import encryption
+from app.main.encryption import hashpw, checkpw
-def test_encryption(notifications_admin):
+def test_should_hash_password():
+ password = 'passwordToHash'
+ assert password != hashpw(password)
+
+
+ def test_should_check_password():
 value = 's3curePassword!'
+ encrypted = hashpw(value)
+ assert checkpw(value, encrypted) is True
- encrypted = encryption.encrypt(value)
- assert encrypted == encryption.encrypt(value)
+def test_checkpw_should_fail_when_pw_does_not_match():
+ value = hashpw('somePassword')
+ assert checkpw('somethingDifferent', value) is False
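Review bot: `test_should_hash_password` compares the str `password` against whatever `hashpw` returns; if `generate_password_hash` yields bytes, as the underlying bcrypt call does, `!=` between a str and bytes is always True and the test cannot fail no matter what `hashpw` does. A check that actually pins the hashing contract is that two hashes of the same input differ (fresh salt each call) and that each verifies: `h1, h2 = hashpw(password), hashpw(password)`, `assert h1 != h2`, `assert checkpw(password, h1) and checkpw(password, h2)`. The old test `test_encryption` asserted determinism, which is exactly the property bcrypt drops, so removing it is right, but the replacement should say why. The file name `test_encyption.py` is missing an "r"; the commit keeps the typo.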