diff --git a/app.py b/app.py
index bf3f960..439fd05 100644
--- a/app.py
+++ b/app.py
@@ -56,7 +56,22 @@ os.makedirs(DATA_DIR, exist_ok=True)
 ###############################################################################
 # Modele bazy danych
 ###############################################################################
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+pwd_context = CryptContext(
+    schemes=["argon2", "bcrypt"],
+    deprecated="auto",
+    argon2__rounds=4,
+    argon2__memory_cost=65536,
+    argon2__parallelism=2,
+)
+
+def ensure_default_admin_user():
+    if User.query.count() == 0:
+        admin_user = User(username="admin")
+        admin_user.set_password("admin")
+        db.session.add(admin_user)
+        db.session.commit()
+        print("[INIT] Created default user: admin / admin")
+
 class User(db.Model):
     __tablename__ = 'users'
     id = db.Column(db.Integer, primary_key=True)
@@ -124,6 +139,7 @@ class GlobalSettings(db.Model):
 ###############################################################################
 with app.app_context():
     db.create_all()
+    ensure_default_admin_user()
     if not GlobalSettings.query.first():
         default_settings = GlobalSettings()
         db.session.add(default_settings)
@@ -815,6 +831,9 @@ def login():
     password = request.form['password']
     u = User.query.filter_by(username=username).first()
     if u and u.check_password(password):
+        if pwd_context.needs_update(u.password_hash):
+            u.set_password(password)
+            db.session.commit()
         session['user_id'] = u.id
         flash("Zalogowano pomyślnie.")
         return redirect(url_for('dashboard'))
@@ -1363,7 +1382,7 @@ def change_password():
         flash("Nowe hasło i potwierdzenie nie są zgodne.")
         return redirect(url_for('change_password'))
-    user.password_hash = pwd_context.hash(new_password)
+    user.set_password(new_password)
     db.session.commit()
     flash("Hasło zostało zmienione pomyślnie.")
     return redirect(url_for('dashboard'))
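Review bot: `ensure_default_admin_user` seeds a well-known credential (`admin` / `admin`) into an empty database and prints it, so any deployment that is not reconfigured immediately after first start has a guessable administrator login. Prefer a bootstrap password taken from the environment or generated on the spot, e.g. `initial = os.environ.get("ADMIN_INITIAL_PASSWORD") or secrets.token_urlsafe(16)` followed by `admin_user.set_password(initial)`, printing the generated value once (`os` is visible in the hunk header; `secrets` would need importing if the file does not already have it). A must-change-on-first-login flag would close the window further but depends on the `User` model, whose definition continues below the hunk. The argon2 parameters look sane (passlib's `argon2__rounds` is argon2's time_cost), but adding `"argon2"` to the scheme list presumably makes `CryptContext` construction fail at import if the argon2 backend package is not installed, which is worth a comment on the `schemes=` line.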
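Review bot: `ensure_default_admin_user()` now runs at module import inside the `app.app_context()` block, so every worker process of a multi-worker server executes the `count() == 0` check and the insert concurrently on a fresh database, and two workers can both pass the check before either commits. If `username` carries a unique constraint (the `User` model is outside this hunk) the loser's `commit()` raises `IntegrityError` and that process fails to start; if it does not, two admin rows are created. Wrapping the commit in `try: ... except IntegrityError: db.session.rollback()` makes the seeding idempotent, or better, move the seeding into an explicit init command rather than import-time side effects.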
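Review bot: The transparent rehash commits inside the authenticated branch before `session['user_id']` is set, so a failing `db.session.commit()` (locked database file, dropped connection) turns a correct password into an unhandled exception rather than a login; the rehash is an opportunistic upgrade and should not gate authentication. Wrap the two added lines in a `try`/`except` that calls `db.session.rollback()`, logs the failure, and then falls through to the existing session assignment. `login()` begins and continues outside this hunk, so I cannot see whether the session is cleared or regenerated before the user id is stored; worth checking while touching this path.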