fix passwd argon
23
app.py
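--- a/app.py
+++ b/app.py
@@ -56,7 +56,22 @@ os.makedirs(DATA_DIR, exist_ok=True)
 ###############################################################################
 # Modele bazy danych
 ###############################################################################
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+pwd_context = CryptContext(
+schemes=["argon2", "bcrypt"],
+deprecated="auto",
+argon2__rounds=4,
+argon2__memory_cost=65536,
+argon2__parallelism=2,
+)
+
+def ensure_default_admin_user():
+if User.query.count() == 0:
+admin_user = User(username="admin")
+admin_user.set_password("admin")
+db.session.add(admin_user)
+db.session.commit()
+print("[INIT] Created default user: admin / admin")
+
 class User(db.Model):
 __tablename__ = 'users'
 id = db.Column(db.Integer, primary_key=True)
@@ -124,6 +139,7 @@ class GlobalSettings(db.Model):
 ###############################################################################
 with app.app_context():
 db.create_all()
+ensure_default_admin_user()
 if not GlobalSettings.query.first():
 default_settings = GlobalSettings()
 db.session.add(default_settings)
@@ -815,6 +831,9 @@ def login():
 password = request.form['password']
 u = User.query.filter_by(username=username).first()
 if u and u.check_password(password):
+if pwd_context.needs_update(u.password_hash):
+u.set_password(password)
+db.session.commit()
 session['user_id'] = u.id
 flash("Zalogowano pomyślnie.")
 return redirect(url_for('dashboard'))
@@ -1363,7 +1382,7 @@ def change_password():
 flash("Nowe hasło i potwierdzenie nie są zgodne.")
 return redirect(url_for('change_password'))
 
-user.password_hash = pwd_context.hash(new_password)
+user.set_password(new_password)
 db.session.commit()
 flash("Hasło zostało zmienione pomyślnie.")
 return redirect(url_for('dashboard'))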
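Review bot: `ensure_default_admin_user()` in the first hunk seeds a fixed `admin` / `admin` account whenever the `users` table is empty and prints that pair to stdout, so a fresh or wiped database comes up with a publicly known administrator password, and nothing visible in the hunks forces it to be changed. The second hunk calls it at start-up inside `app.app_context()`, so this applies to every deployment, not just a one-off setup script. Take the initial password from deployment configuration or generate it once, e.g. `initial_pw = os.environ.get("ADMIN_INITIAL_PASSWORD") or secrets.token_urlsafe(16)` followed by `admin_user.set_password(initial_pw)`; the variable name is a placeholder and `secrets` would need importing. Print a password only when it was generated, never a fixed one, and consider flagging the account so the first login requires a change.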