From 0a9eefd31c92e408ca66e615c3d9d27310b223b1 Mon Sep 17 00:00:00 2001
From: Guillaume Horel
Date: Thu, 2 Apr 2015 16:28:12 -0400
Subject: More secure authentication

need to figure out to upgrade the passwords
---
 famille.py | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
(limited to 'famille.py')
diff --git a/famille.py b/famille.py
index 57be38d..19dd4d8 100644
--- a/famille.py
+++ b/famille.py
@@ -14,7 +14,7 @@ from bs4 import BeautifulSoup
 from flask_mail import Mail, Message
 import locale
 from smartypants import smartypants, Attr
-
+import bcrypt
 locale.setlocale(locale.LC_ALL, 'fr_FR.UTF-8')
@@ -258,8 +258,7 @@ def edit_user():
 result = {}
 try:
 if request.form['password'] == request.form['password_confirm']:
- result['password'] = hashlib.md5(request.form['password']).\
- hexdigest()
+ result['password'] = bcrypt.hashpw(password, bcrypt.gensalt())
 else:
 error = "Les deux mots de passe ne coïncident pas"
 return render_template("user/edit.html", user=request.form,
@@ -287,11 +286,10 @@ def login():
 if request.method == 'POST':
 username = request.form['username']
- password = hashlib.md5(request.form['password'].encode("utf-8")).hexdigest()
 user = query_db('select * from users where user_name = ?', (username,), True)
 if user:
- if user['password'] == password:
+ if bcrypt.hashpw(request.form['password'], user['password']) == user['password']:
 session['user_name'] = user['user_name']
 session['user_id'] = user['id']
 session['timezone'] = user['timezone'] or "UTC"
-- 
cgit v1.2.3-70-g09d2
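Review bot: The added line `result['password'] = bcrypt.hashpw(password, bcrypt.gensalt())` in edit_user uses a name `password` that nothing in the hunk binds; the line it replaces read `request.form['password']`, and the condition two lines above still does, so unless `password` is assigned earlier in edit_user (the function starts outside the hunk) saving a user raises NameError. bcrypt.hashpw also expects bytes, and the removed line in the login hunk encoded the form value before hashing, so the line should probably be `result['password'] = bcrypt.hashpw(request.form['password'].encode("utf-8"), bcrypt.gensalt())`. The same text-versus-bytes question applies to the compare added in the login hunk.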
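Review bot: The new check `if bcrypt.hashpw(request.form['password'], user['password']) == user['password']:` in login breaks every account created before this commit: those rows hold a 32-character md5 hex digest, which bcrypt.hashpw will reject as an invalid salt and raise on rather than return a mismatch, turning a wrong-password attempt into a server error, and the commit message itself leaves the upgrade unresolved. The line also drops the `.encode("utf-8")` the removed line had, so the form value reaches bcrypt as text, and it compares digests with `==` rather than a constant-time check. A safer login path distinguishes legacy rows from bcrypt rows by the `$2` prefix, verifies each with its own scheme, uses `bcrypt.checkpw` (or `hmac.compare_digest`, which would need an `import hmac`, if the installed bcrypt predates checkpw), and rehashes the legacy row on a successful login; whether `user['password']` arrives as str or bytes depends on the query_db driver and should be confirmed. login() starts and ends outside the hunk.
```python
        if user:
            submitted = request.form['password'].encode("utf-8")
            stored = user['password']
            if stored.startswith("$2"):
                # bcrypt row written by edit_user after this commit
                ok = bcrypt.checkpw(submitted, stored.encode("utf-8"))
            else:
                # legacy md5 hex row from before this commit: verify the old way, then migrate
                ok = hmac.compare_digest(hashlib.md5(submitted).hexdigest(), stored)
                # TODO(migration): when ok, store bcrypt.hashpw(submitted, bcrypt.gensalt()) for this user
            if ok:
                session['user_name'] = user['user_name']
                # … unchanged: remaining session setup …
```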