From ab30844d95f46c9ac6f9c7dde3ecdfa8769f8431 Mon Sep 17 00:00:00 2001
From: HeshamTB
Date: Wed, 16 Mar 2022 22:46:50 +0300
Subject: [PATCH] sql_app: implement password hashing when create_user is used.
Signed-off-by: HeshamTB
---
 sql_app/crud.py | 9 ++++++---
 sql_app/crypto.py | 9 +++++----
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/sql_app/crud.py b/sql_app/crud.py
index f4051da..65e51c3 100644
--- a/sql_app/crud.py
+++ b/sql_app/crud.py
@@ -2,7 +2,7 @@
 from sqlalchemy.orm import Session
-from . import models, schemas
+from . import models, schemas, crypto
 def get_user(db: Session, user_id: int):
@@ -18,8 +18,11 @@ def get_users(db: Session, skip: int = 0, limit: int = 100):
 def create_user(db: Session, user: schemas.UserCreate):
- fake_hashed_password = user.password + "notreallyhashed"
- db_user = models.User(email=user.email, hashed_password=fake_hashed_password)
+ key = crypto.gen_new_key(user.password)
+ salt = key[1]
+ hashed_pass = key[0]
+ # TODO: check if user already exists? based on name,email ...
+ db_user = models.User(email=user.email, hashed_password=hashed_pass, passwd_salt=salt)
 db.add(db_user)
 db.commit()
 db.refresh(db_user)
diff --git a/sql_app/crypto.py b/sql_app/crypto.py
index 1f4a018..7fa65b5 100644
--- a/sql_app/crypto.py
+++ b/sql_app/crypto.py
@@ -13,11 +13,12 @@ def get_new_salt(n_bytes : int = 32) -> bytes:
 return os.urandom(n_bytes)
-"""
-Generate a new key and salt to store.
-Returns (key, salt)
-"""
+
 def gen_new_key(plain_passwd : str) -> tuple:
+ """
+ Generate a new key and salt to store.
+ Returns (key, salt)
+ """
 salt = get_new_salt(32)
 return (calc_key(plain_passwd, salt), salt)
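Review bot: In `create_user` the hash and salt are taken out of the tuple by position (`key[0]`, `key[1]`), so a swapped index would silently store the salt as the password hash. Unpacking at the call keeps the order tied to the documented `(key, salt)` contract: `hashed_pass, salt = crypto.gen_new_key(user.password)`. `get_new_salt` returns raw `bytes` from `os.urandom`, so the `passwd_salt` column (and `hashed_password`, depending on what `calc_key` returns) needs a binary column type or an explicit encoding; `models.py` is not part of this patch, so that should be confirmed. The remaining TODO also matters: without a uniqueness check or a unique constraint on `email`, a second registration with the same address would create a second row with its own salt and hash. The function's `return` lies outside the hunk.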
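Review bot: The docstring moved into `gen_new_key` still says only "Returns (key, salt)", and the `-> tuple` annotation gives no element types, although `create_user` in crud.py depends on that order. I would spell the contract out, e.g. `"""Derive a key from plain_passwd with a fresh 32-byte random salt and return (key, salt); both must be stored to verify the password later."""`. `calc_key` is defined outside this hunk, so it is worth confirming that it is a deliberately slow password KDF (for example `hashlib.scrypt`, or `hashlib.pbkdf2_hmac` with a high iteration count) rather than a single fast digest, because a salt alone does not slow offline guessing against a leaked table.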