salt the hashes

2018-02-27 18:53:56 +02:00
parent 09bdb028dd
commit 9ed8c18fb3
4 changed files with 7 additions and 7 deletions
--- a/code/app.py
+++ b/code/app.py
@@ -7,7 +7,6 @@ from datetime import datetime
 from flask import Flask, render_template, jsonify, current_app, Response, \
    redirect, url_for, request, g, session, send_file, send_from_directory
 from werkzeug.utils import secure_filename
-import hashlib
 import zipfile
 from multiprocessing import Process
 from revprox import ReverseProxied
@@ -78,7 +77,7 @@ def authenticate(name):
        return render_template('authenticate.html',name=name)
    if request.method == 'POST':
        user_password = request.form['password'].encode('utf-8')
-        session[name] = password_hash(user_password)
+        session[name] = password_hash(user_password, app.secret_key)
        return redirect(url_for('list_view',name=name))

@app.route('/upload/<name>/<password>', methods=['POST'])
--- a/code/flees-manager.py
+++ b/code/flees-manager.py
@@ -101,7 +101,7 @@ def add_share(shares, config, opts):
    if opts.password:
        if opts.plain:
            share['pass_plain'] = opts.password
-        share['pass_hash'] =  password_hash(opts.password)
+        share['pass_hash'] =  password_hash(opts.password, config['app_secret_key'])
    if opts.expire:
        try:
            date_object = datetime.strptime(opts.expire,"%Y-%m-%d %H:%M")
@@ -165,7 +165,7 @@ def modify_share(shares, config, opts):
    # ADD/Change a password
        if opts.plain:
            share['pass_plain'] = opts.password
-        share['pass_hash'] = password_hash(opts.password)
+        share['pass_hash'] = password_hash(opts.password, config['app_secret_key'])

    if opts.expire:
        if opts.expire == "":
--- a/code/utils/crypt.py
+++ b/code/utils/crypt.py
@@ -44,11 +44,13 @@ def get_direct_token(share, filename):
    )


-def password_hash(string):
+def password_hash(string, salt=""):
    if type(string) == str:
        string = string.encode("utf-8")
+    if type(salt) == str:
+        salt = salt.encode("utf-8")
    return hashlib.sha1(
-        string
+        string+salt
    ).hexdigest()


--- a/code/utils/utils.py
+++ b/code/utils/utils.py
@@ -1,5 +1,4 @@
 import os
-import hashlib
 from datetime import datetime
 from flask import current_app as app