Reverting hashing tokens … they're already hashed by the JWT process anyway

f0d81570 · okhin · fc031ca7 · f0d81570
Commit f0d81570 authored Apr 19, 2017 by okhin
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 3 deletions

piphone.py piphone.py +2 -3

No files found.
--- a/piphone.py
+++ b/piphone.py
@@ -12,7 +12,6 @@ import configparser
 import argparse
 import os.path
 import sys
-import hashlib
 from operator import itemgetter

 import jwt
@@ -496,7 +495,7 @@ def login_admin(user, password):
    if user is None:
        # user does not exist
        return False
-    if hashlib.sha256(password.encode()).hexdigest() != user[1]:
+    if password.encode != user[1]:
        # password does not match
        return False
    if user[2] == 0:
@@ -520,7 +519,7 @@ def little_admin():
 def medium_admin():
    db = sqlite3.connect(config['piphone']['db'])
    api = request.forms.get('api')
-    token = hashlib.sha256(request.forms.get('api_token').encode()).hexdigest()
+    token = request.forms.get('api_token')
    admin = request.forms.get('admin')
    action = request.forms.get('action')
    pattern = request.forms.get('pattern')