salt the hashes
@@ -7,7 +7,6 @@ from datetime import datetime
|
|||||||
from flask import Flask, render_template, jsonify, current_app, Response, \
|
from flask import Flask, render_template, jsonify, current_app, Response, \
|
||||||
redirect, url_for, request, g, session, send_file, send_from_directory
|
redirect, url_for, request, g, session, send_file, send_from_directory
|
||||||
from werkzeug.utils import secure_filename
|
from werkzeug.utils import secure_filename
|
||||||
import hashlib
|
|
||||||
import zipfile
|
import zipfile
|
||||||
from multiprocessing import Process
|
from multiprocessing import Process
|
||||||
from revprox import ReverseProxied
|
from revprox import ReverseProxied
|
||||||
@@ -78,7 +77,7 @@ def authenticate(name):
|
|||||||
return render_template('authenticate.html',name=name)
|
return render_template('authenticate.html',name=name)
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
user_password = request.form['password'].encode('utf-8')
|
user_password = request.form['password'].encode('utf-8')
|
||||||
session[name] = password_hash(user_password)
|
session[name] = password_hash(user_password, app.secret_key)
|
||||||
return redirect(url_for('list_view',name=name))
|
return redirect(url_for('list_view',name=name))
|
||||||
|
|
||||||
@app.route('/upload/<name>/<password>', methods=['POST'])
|
@app.route('/upload/<name>/<password>', methods=['POST'])
|
||||||
|
|||||||
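Review bot: In `authenticate`, the salt passed to `password_hash` is `app.secret_key`, which Flask also uses to sign the session cookie, so one secret now serves two purposes and rotating it would invalidate every stored `pass_hash`. The value must also be identical to the `config['app_secret_key']` used when shares are created, and nothing in this hunk enforces that; a comment such as `# salt must equal config['app_secret_key'] used by the share manager, or logins fail` would document the coupling. If `app.secret_key` is unset (None), the `string+salt` concatenation in `password_hash` would raise a TypeError, because only `str` salts are encoded. With Flask's default cookie sessions the stored hash is signed but readable by the client, so a dedicated hashing secret kept apart from the session key is preferable. The body of `authenticate` starts outside the hunk.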
@@ -101,7 +101,7 @@ def add_share(shares, config, opts):
|
|||||||
if opts.password:
|
if opts.password:
|
||||||
if opts.plain:
|
if opts.plain:
|
||||||
share['pass_plain'] = opts.password
|
share['pass_plain'] = opts.password
|
||||||
share['pass_hash'] = password_hash(opts.password)
|
share['pass_hash'] = password_hash(opts.password, config['app_secret_key'])
|
||||||
if opts.expire:
|
if opts.expire:
|
||||||
try:
|
try:
|
||||||
date_object = datetime.strptime(opts.expire,"%Y-%m-%d %H:%M")
|
date_object = datetime.strptime(opts.expire,"%Y-%m-%d %H:%M")
|
||||||
@@ -165,7 +165,7 @@ def modify_share(shares, config, opts):
|
|||||||
# ADD/Change a password
|
# ADD/Change a password
|
||||||
if opts.plain:
|
if opts.plain:
|
||||||
share['pass_plain'] = opts.password
|
share['pass_plain'] = opts.password
|
||||||
share['pass_hash'] = password_hash(opts.password)
|
share['pass_hash'] = password_hash(opts.password, config['app_secret_key'])
|
||||||
|
|
||||||
if opts.expire:
|
if opts.expire:
|
||||||
if opts.expire == "":
|
if opts.expire == "":
|
||||||
|
|||||||
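Review bot: Share hashes written before this commit were computed without a salt, so once `add_share` and `modify_share` switch to `password_hash(opts.password, config['app_secret_key'])` those existing `pass_hash` values will presumably stop matching unless they are regenerated; no migration is visible in this diff. The direct `config['app_secret_key']` lookup also raises a bare KeyError when the key is absent, and an empty value silently falls back to unsalted SHA-1. A guard before hashing, e.g. `if not config.get('app_secret_key'): raise ValueError('app_secret_key must be set before hashing share passwords')`, would make both cases explicit. Both functions start and end outside their hunks.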
@@ -44,11 +44,13 @@ def get_direct_token(share, filename):
|
|||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def password_hash(string):
|
def password_hash(string, salt=""):
|
||||||
if type(string) == str:
|
if type(string) == str:
|
||||||
string = string.encode("utf-8")
|
string = string.encode("utf-8")
|
||||||
|
if type(salt) == str:
|
||||||
|
salt = salt.encode("utf-8")
|
||||||
return hashlib.sha1(
|
return hashlib.sha1(
|
||||||
string
|
string+salt
|
||||||
).hexdigest()
|
).hexdigest()
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
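Review bot: `password_hash` appends one application-wide value to the password and runs a single SHA-1 round, so two shares with the same password still get the same hash and the digest stays cheap to compute offline; a salt is normally random per stored password and fed to a slow key-derivation function. The default `salt=""` also means any caller that omits the argument silently gets an unsalted hash. Consider a per-share random salt stored next to `pass_hash` and `hashlib.pbkdf2_hmac('sha256', string, salt, iterations).hex()` in place of `hashlib.sha1(string+salt).hexdigest()`, plus `isinstance(salt, str)` instead of `type(salt) == str`. Changing the digest alters the stored format, so existing shares would need their hashes regenerated.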
@@ -1,5 +1,4 @@
|
|||||||
import os
|
import os
|
||||||
import hashlib
|
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
from flask import current_app as app
|
from flask import current_app as app
|
||||||
|
|
||||||
|
|||||||