sql_app: implement password hashing when create_user is used.

Signed-off-by: HeshamTB <hishaminv@gmail.com>
2022-03-16 22:46:50 +03:00 · 2022-03-16 22:46:50 +03:00 · ab30844d95
commit ab30844d95
parent 75984d1f1f
2 changed files with 11 additions and 7 deletions
--- a/sql_app/crud.py
+++ b/sql_app/crud.py
@ -2,7 +2,7 @@

 from sqlalchemy.orm import Session

-from . import models, schemas
+from . import models, schemas, crypto


 def get_user(db: Session, user_id: int):
@ -18,8 +18,11 @@ def get_users(db: Session, skip: int = 0, limit: int = 100):


 def create_user(db: Session, user: schemas.UserCreate):
-    fake_hashed_password = user.password + "notreallyhashed"
-    db_user = models.User(email=user.email, hashed_password=fake_hashed_password)
+    key = crypto.gen_new_key(user.password)
+    salt = key[1]
+    hashed_pass = key[0]
+    # TODO: check if user already exists? based on name,email ...
+    db_user = models.User(email=user.email, hashed_password=hashed_pass, passwd_salt=salt)
    db.add(db_user)
    db.commit()
    db.refresh(db_user)
--- a/sql_app/crypto.py
+++ b/sql_app/crypto.py
@ -13,11 +13,12 @@ def get_new_salt(n_bytes : int = 32) -> bytes:
    
    return os.urandom(n_bytes)

+
+def gen_new_key(plain_passwd : str) -> tuple:
    """
    Generate a new key and salt to store.
    Returns (key, salt)
    """
-def gen_new_key(plain_passwd : str) -> tuple:
    salt = get_new_salt(32)
    return (calc_key(plain_passwd, salt), salt)