author0livd <github@destras.fr>2017-12-21 13:57:01 +0100
committerAlexis Metaireau <alexis@notmyidea.org>2017-12-21 13:57:01 +0100
commitc6f72e112ba3d797e71302d96504bbd54c83ca6b (patch)
tree5fc8965c918e249caaedcb4f64c37fa36eb1c15e /ihatemoney/api.py
parent0dfb9c5f948b10857ce5b55b6317c7773dab87b0 (diff)
Use hashed passwords for projects (#286)
- Remove all occurrences of clear text project passwords. - Migrate the database to hash the previously stored passwords. Closes #232
Diffstat (limited to 'ihatemoney/api.py')
-rw-r--r--ihatemoney/api.py3
1 files changed, 2 insertions, 1 deletions
diff --git a/ihatemoney/api.py b/ihatemoney/api.py
index a34fa12..82380fd 100644
--- a/ihatemoney/api.py
+++ b/ihatemoney/api.py
@@ -5,6 +5,7 @@ from flask_rest import RESTResource, need_auth
from ihatemoney.models import db, Project, Person, Bill
from ihatemoney.forms import (ProjectForm, EditProjectForm, MemberForm,
get_billform_for)
+from werkzeug.security import check_password_hash
api = Blueprint("api", __name__, url_prefix="/api")
@@ -21,7 +22,7 @@ def check_project(*args, **kwargs):
if auth and "project_id" in kwargs and \
auth.username == kwargs["project_id"]:
project = Project.query.get(auth.username)
- if project and project.password == auth.password:
+ if project and check_password_hash(project.password, auth.password):
return project
return False
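Review bot: The new `check_password_hash(project.password, auth.password)` call assumes every stored `project.password` is already a werkzeug hash string, and nothing in the hunk covers rows where that is not true. A value the migration has not converted should simply fail to authenticate, but a NULL/None password (if the column permits one) would likely raise inside werkzeug instead of returning False, turning a failed login into a server error. I would guard it as `if project and project.password and check_password_hash(project.password, auth.password):` and add a comment such as `# project.password stores a werkzeug hash, never the clear-text value`, since the attribute name still suggests plaintext. The hash is now computed on every Basic-auth API request, so it is also worth confirming that request throttling exists elsewhere. The start of `check_project` is outside this hunk, so how `auth` is obtained could not be reviewed.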