La Quadrature du Net
piphone
piphone-sip
Commit
787c7175
authored
Apr 19, 2017
by
okhin
Hashing password before checking them in database
parent
5d4f5c57
Pipeline
#946
passed with stage
in 5 seconds
piphone.py
...
@@ -12,6 +12,7 @@ import configparser
...
@@ -12,6 +12,7 @@ import configparser
import
argparse
import
argparse
import
os.path
import
os.path
import
sys
import
sys
import
hashlib
from
operator
import
itemgetter
from
operator
import
itemgetter
import
jwt
import
jwt
...
@@ -107,7 +108,7 @@ def authenticated(f):
...
@@ -107,7 +108,7 @@ def authenticated(f):
assert
len
(
results
)
==
1
assert
len
(
results
)
==
1
token
=
results
[
0
][
0
]
token
=
results
[
0
][
0
]
auth_token
=
jwt
.
decode
(
request
.
params
[
'token'
],
token
)
auth_token
=
jwt
.
decode
(
request
.
params
[
'token'
],
token
)
assert
auth_token
[
'api'
]
==
request
.
params
[
'api'
]
assert
hashlib
.
sha256
(
auth_token
[
'api'
]
.
encode
()).
hexdigest
()
==
request
.
params
[
'api'
]
for
key
in
auth_token
:
for
key
in
auth_token
:
request
.
params
[
key
]
=
auth_token
[
key
]
request
.
params
[
key
]
=
auth_token
[
key
]
except
(
jwt
.
exceptions
.
InvalidTokenError
,
AssertionError
)
as
e
:
except
(
jwt
.
exceptions
.
InvalidTokenError
,
AssertionError
)
as
e
:
...
@@ -495,7 +496,7 @@ def login_admin(user, password):
...
@@ -495,7 +496,7 @@ def login_admin(user, password):
if
user
is
None
:
if
user
is
None
:
# user does not exist
# user does not exist
return
False
return
False
if
password
!=
user
[
1
]:
if
hashlib
.
sha256
(
password
.
encode
()).
hexdigest
()
!=
user
[
1
]:
# password does not match
# password does not match
return
False
return
False
if
user
[
2
]
==
0
:
if
user
[
2
]
==
0
:
...
@@ -519,7 +520,7 @@ def little_admin():
...
@@ -519,7 +520,7 @@ def little_admin():
def
medium_admin
():
def
medium_admin
():
db
=
sqlite3
.
connect
(
config
[
'piphone'
][
'db'
])
db
=
sqlite3
.
connect
(
config
[
'piphone'
][
'db'
])
api
=
request
.
forms
.
get
(
'api'
)
api
=
request
.
forms
.
get
(
'api'
)
token
=
request
.
forms
.
get
(
'api_token'
)
token
=
hashlib
.
sha256
(
request
.
forms
.
get
(
'api_token'
)
.
encode
()).
hexdigest
()
admin
=
request
.
forms
.
get
(
'admin'
)
admin
=
request
.
forms
.
get
(
'admin'
)
action
=
request
.
forms
.
get
(
'action'
)
action
=
request
.
forms
.
get
(
'action'
)
pattern
=
request
.
forms
.
get
(
'pattern'
)
pattern
=
request
.
forms
.
get
(
'pattern'
)
...
...
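Review bot: The new check in login_admin compares an unsalted, single-pass SHA-256 of the password with `user[1]`, which is cheap to brute-force offline if the database leaks and yields identical hashes for identical passwords. A password KDF with a per-user salt is the usual choice, e.g. `hashlib.pbkdf2_hmac('sha256', password.encode(), salt, iterations)` or `hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)`, with the salt stored beside the hash (this needs a schema change the page does not show). The comparison would be better done with `hmac.compare_digest(computed, user[1])` than with `!=`. The same unsalted hashing is applied to `api_token` in medium_admin, where `request.forms.get('api_token')` returning None for a missing field would now raise on `.encode()`. Both functions extend beyond the hunks shown.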