fix passwd argon
This commit is contained in:
Mateusz Gruszczyński
23
app.py
23
app.py
@@ -56,7 +56,22 @@ os.makedirs(DATA_DIR, exist_ok=True)
|
||||
###############################################################################
|
||||
# Modele bazy danych
|
||||
###############################################################################
|
||||
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
||||
pwd_context = CryptContext(
|
||||
schemes=["argon2", "bcrypt"],
|
||||
deprecated="auto",
|
||||
argon2__rounds=4,
|
||||
argon2__memory_cost=65536,
|
||||
argon2__parallelism=2,
|
||||
)
|
||||
|
||||
def ensure_default_admin_user():
|
||||
if User.query.count() == 0:
|
||||
admin_user = User(username="admin")
|
||||
admin_user.set_password("admin")
|
||||
db.session.add(admin_user)
|
||||
db.session.commit()
|
||||
print("[INIT] Created default user: admin / admin")
|
||||
|
||||
class User(db.Model):
|
||||
__tablename__ = 'users'
|
||||
id = db.Column(db.Integer, primary_key=True)
|
||||
@@ -124,6 +139,7 @@ class GlobalSettings(db.Model):
|
||||
###############################################################################
|
||||
with app.app_context():
|
||||
db.create_all()
|
||||
ensure_default_admin_user()
|
||||
if not GlobalSettings.query.first():
|
||||
default_settings = GlobalSettings()
|
||||
db.session.add(default_settings)
|
||||
@@ -815,6 +831,9 @@ def login():
|
||||
password = request.form['password']
|
||||
u = User.query.filter_by(username=username).first()
|
||||
if u and u.check_password(password):
|
||||
if pwd_context.needs_update(u.password_hash):
|
||||
u.set_password(password)
|
||||
db.session.commit()
|
||||
session['user_id'] = u.id
|
||||
flash("Zalogowano pomyślnie.")
|
||||
return redirect(url_for('dashboard'))
|
||||
@@ -1363,7 +1382,7 @@ def change_password():
|
||||
flash("Nowe hasło i potwierdzenie nie są zgodne.")
|
||||
return redirect(url_for('change_password'))
|
||||
|
||||
user.password_hash = pwd_context.hash(new_password)
|
||||
user.set_password(new_password)
|
||||
db.session.commit()
|
||||
flash("Hasło zostało zmienione pomyślnie.")
|
||||
return redirect(url_for('dashboard'))
|
||||
|
||||
Reference in New Issue
Block a user