From a8360854489d060367cc17ef7933c867228a88e1 Mon Sep 17 00:00:00 2001
From: 0livd <0livd@users.noreply.github.com>
Date: Tue, 27 Jun 2017 00:16:32 +0200
Subject: Use a hashed password for ADMIN_PASSWORD (#236) * Use a hashed password for ADMIN_PASSWORD A generate_password_hash manage.py command is provided Fixes #233 * Print a console warning for users using a clear text ADMIN_PASSWORD * Reword ADMIN_PASSWORD doc * Update changelog * Update CHANGELOG.rst - say it out loud - bump to 2.0 (that's the logic of semantic versioning while introducing breaking changes) * Bump to 2.0 (breaking change) * Update hashed password warning message * Mention the generate password hash in the Changelog
---
 budget/tests/tests.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'budget/tests')
diff --git a/budget/tests/tests.py b/budget/tests/tests.py
index a1cedfa..16aaae9 100644
--- a/budget/tests/tests.py
+++ b/budget/tests/tests.py
@@ -10,6 +10,7 @@ import json
 from collections import defaultdict
 import six
+from werkzeug.security import generate_password_hash
 from flask import session
 # Unset configuration file env var if previously set
@@ -376,7 +377,7 @@ class BudgetTestCase(TestCase):
 self.assertNotIn('raclette', session)
 def test_admin_authentication(self):
- run.app.config['ADMIN_PASSWORD'] = "pass"
+ run.app.config['ADMIN_PASSWORD'] = generate_password_hash("pass")
 # test the redirection to the authentication page when trying to access admin endpoints
 resp = self.app.get("/create")
-- cgit v1.1
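Review bot: The new assignment `run.app.config['ADMIN_PASSWORD'] = generate_password_hash("pass")` in test_admin_authentication covers only the hashed form, so nothing visible in this hunk pins what happens when the setting still holds a clear-text value, the case the commit message says triggers a console warning. A sibling test that sets `run.app.config['ADMIN_PASSWORD'] = "pass"` and asserts the intended outcome of submitting "pass" would stop a later change from silently accepting, or locking out, unmigrated configurations. A one-line comment above the assignment, `# ADMIN_PASSWORD holds a werkzeug password hash, never the clear text`, would make the new contract obvious to the next reader. The test body continues past the end of the hunk, so such a case may already exist further down.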