From c6f72e112ba3d797e71302d96504bbd54c83ca6b Mon Sep 17 00:00:00 2001
From: 0livd
Date: Thu, 21 Dec 2017 13:57:01 +0100
Subject: Use hashed passwords for projects (#286)
- Remove all occurences of clear text project passwords.
- Migrate the database to hash the previously stored passwords.
Closes #232
---
 ihatemoney/forms.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'ihatemoney/forms.py')
diff --git a/ihatemoney/forms.py b/ihatemoney/forms.py
index c5e0b54..3966891 100644
--- a/ihatemoney/forms.py
+++ b/ihatemoney/forms.py
@@ -5,6 +5,7 @@ from wtforms.fields.simple import PasswordField, SubmitField, TextAreaField, Str
 from wtforms.validators import Email, Required, ValidationError, EqualTo
 from flask_babel import lazy_gettext as _
 from flask import request
+from werkzeug.security import generate_password_hash
 from datetime import datetime
 from jinja2 import Markup
@@ -52,14 +53,14 @@ class EditProjectForm(FlaskForm):
 Returns the created instance
 """
 project = Project(name=self.name.data, id=self.id.data,
- password=self.password.data,
+ password=generate_password_hash(self.password.data),
 contact_email=self.contact_email.data)
 return project
 def update(self, project):
 """Update the project with the information from the form"""
 project.name = self.name.data
- project.password = self.password.data
+ project.password = generate_password_hash(self.password.data)
 project.contact_email = self.contact_email.data
 return project
-- cgit v1.1
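Review bot: `update()` re-hashes `self.password.data` on every edit, so the stored value is only right if that field always carries the clear-text code typed by the user; if the edit view pre-fills the form from the project object (not visible in this diff), the field would hold the old hash and the project would end up storing a hash of a hash, locking members out. I would state that contract in the docstring, e.g. `"""Update the project from the form; self.password.data must be the clear-text code and is stored hashed"""`, and check the view that populates this form. Both calls to `generate_password_hash` also rely on Werkzeug's default method and work factor, so the strength of the stored hashes depends on the installed version; passing `method=` explicitly would pin it. `save()` begins above this hunk, so the start of its docstring is not visible here.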