Hashing password before checking them in database

piphone.py

@@ -12,6 +12,7 @@ import configparser
 import argparse
 import os.path
 import sys
+import hashlib
 from operator import itemgetter
 
 import jwt
@@ -107,7 +108,7 @@ def authenticated(f):
             assert len(results) == 1
             token = results[0][0]
             auth_token = jwt.decode(request.params['token'], token)
-            assert auth_token['api'] == request.params['api']
+            assert hashlib.sha256(auth_token['api'].encode()).hexdigest() == request.params['api']
             for key in auth_token:
                 request.params[key] = auth_token[key]
         except (jwt.exceptions.InvalidTokenError, AssertionError) as e:
@@ -495,7 +496,7 @@ def login_admin(user, password):
     if user is None:
         # user does not exist
         return False
-    if password != user[1]:
+    if hashlib.sha256(password.encode()).hexdigest() != user[1]:
         # password does not match
         return False
     if user[2] == 0:
@@ -519,7 +520,7 @@ def little_admin():
 def medium_admin():
     db = sqlite3.connect(config['piphone']['db'])
     api = request.forms.get('api')
-    token = request.forms.get('api_token')
+    token = hashlib.sha256(request.forms.get('api_token').encode()).hexdigest()
     admin = request.forms.get('admin')
     action = request.forms.get('action')
     pattern = request.forms.get('pattern')