From 39574a2c063ebabbbf0996a48ea87c1a85ad08a9 Mon Sep 17 00:00:00 2001 From: starnakin Date: Sat, 11 Feb 2023 16:06:36 +0100 Subject: [PATCH] password hasheds --- __pycache__/database.cpython-310.pyc | Bin 997 -> 1162 bytes __pycache__/email.cpython-310.pyc | Bin 0 -> 600 bytes __pycache__/hasher.cpython-310.pyc | Bin 0 -> 532 bytes database.json | 2 +- database.py | 10 +++++-- .../320444fe8859cda10187fa078aaa3674 | Bin 49 -> 49 bytes hash.py | 26 ------------------ hasher.py | 9 ++++++ mail.py | 26 ++++++++++++++++++ main.py | 4 +++ 10 files changed, 48 insertions(+), 29 deletions(-) create mode 100644 __pycache__/email.cpython-310.pyc create mode 100644 __pycache__/hasher.cpython-310.pyc delete mode 100644 hash.py create mode 100644 hasher.py create mode 100644 mail.py diff --git a/__pycache__/database.cpython-310.pyc b/__pycache__/database.cpython-310.pyc index 239ce05b396db5e27749cc1e8f4cd220d1578a30..7b9825e21f446bcd229d26411385eb6bea224275 100644 GIT binary patch delta 580 zcmYjNF^dyH6rMLTyPND~H^~~q=^=>4K|mWT!O~K=Cfzh4cW>eaE*E(-qIc{OA$QGn zVZl<8QUxo2iq-Za*I3%>o2cM}_wD<>H}CB?^DVhPojU856+l^h`m}Dr2Vo`Ha)uXYgVT zC2ZhAdbw7m@Vb;sn6eVA4+VwOgQ$*=$L`pYX@>8}+c%yxcj|b0>MZ$MIZq!Hh4-Ki zgK57UJNJ4{INDAkC9GCoWp7b%;lgkVeW2T197%?M5iEx8*5X4hyeP#I*rxbnvy=!Z zujC!UFDlu%TI&)@xe1ro2RC8a%`cAg=#`&5dNPP8XQ@^%tgoZP-kGPBun zv(&4est1qzthtyWhXPtacf(Xn)>-ccxrzPs^b8Lv?5E(8y48i+-J@Hf4!@vwfN-Pj bEbUdF)c$Udc}Fy$Aydv=?pvQ`Pp!nEirH(;g#H}x# zAeNPNo~>W&>$eS9448{oCccYW6y;(Y{5DdT}GM@@%@mA!%dM&XvSrW#)t7INgUOM~iBn6KO|k>ZWs1 WRGu2$PQWk_wsgUkzVgjbMd}AWF;(yY 
diff --git a/__pycache__/email.cpython-310.pyc b/__pycache__/email.cpython-310.pyc new file mode 100644 index 0000000000000000000000000000000000000000..518c457a53af1d6723bd3141a9e1b1491cf748b4 GIT binary patch literal 600 zcmYjPL2uJA6t?3eP1h9dz-4fROOe)~X=0i*p-PNhpwpys%B3=S?i!Zbk?j;xl^Z_; ziS5XdzvC+h#9x35&tZo?>%A|ZUtYfF=cwUukDwiV`&Im)g#7em*J30SbaR9O2+)e; z1Oi|XLIg4NzD7BPLf+7olCwFF7eqp2XH;py#F8y>(XwkP|^x%3+CIs zw-C|uSLogOx9pbOk+MB<>_m$I~B(8YvE$lUzFGRzz93P?`0I~9=_WZ=)QmQ4Sgqifbi!qTdI}FjOAML zn^I=yVx3(HZB%yEPK9h{r4?B>jd9(&z7Z1UUeZ?^f9VNLX@ctk)kCBx=fAIg$}wYg ix7&&Bgw$t~vz3CT5-;(OA!Z*#LIM`h|119cDES9GB$Pt{ literal 0 HcmV?d00001 diff --git a/__pycache__/hasher.cpython-310.pyc b/__pycache__/hasher.cpython-310.pyc new file mode 100644 index 0000000000000000000000000000000000000000..ac174376d464e37ea249c4ed9d3458f9455a8c31 GIT binary patch literal 532 zcmYjOy-or_5Z>L}y8{A=v9RC`u8?aiEQ~SHRzgB|4LNQHj{tXMcM&mI>4Qi~ zYhio^6BB0+NSI`1XD0LWeY0h&)nF)}AK%#@zF!m^OMt-*s<}X;nBr5GFeQL155!0+ zsr)yYcvU6405rj5q3HEwzp zFU<0Hu_o(n*hci(R&<~Jg&mz=M$-Ail?CI1VWwAen*@1k^7%3eAD}Sl)J9wj9JXaT z#OJpY=j9AyV^dwElW`H>!DHM5ZOXW}x`$%XA6tlN2I$Uwcs^89HnBjx;v>Kx55`f~K0ta{&}tsX)_(lQ7F6o6MJys4#2#lnVCF z)G&16*bGcM17fp>)8x8|Q4~~DoM)`objck^IV{U*Rd6(lx^*?Lb~P*2VhY!Ee?u^8 I>{PVnKi86QmH+?% literal 0 HcmV?d00001 diff --git a/database.json b/database.json index f15ea8f..24754f9 100644 --- a/database.json +++ b/database.json @@ -1 +1 @@ -{"users": {"1": {"camille@chauvet.pro": "Fgzf4BY6R8oBfoz6VrHziwxjZiz4dB2cU7FcXP5kh"}}} \ No newline at end of file +{"users": {"1": {"camille@chauvet.pro": "b'$2b$12$AMuNu9CU/lUyaQjDmyWypeVg8beyRA795lrldMGAmHMXaeyfNnke.'"}}} \ No newline at end of file diff --git a/database.py b/database.py index 6ef2d11..71bb00c 100644 --- a/database.py +++ b/database.py @@ -1,4 +1,5 @@ from tinydb import TinyDB, Query +import hasher db = TinyDB("./database.json") users = db.table("users"); 
@@ -15,7 +16,12 @@ def user_exist(email: str):
 return (get_user_by_email(email) != None)
 def add_user(email: str, password: str):
- users.insert({email: password});
+ password_hashed = hasher.hash_text(password)
+ users.insert({email: str(password_hashed)});
 def check_password(email: str, password: str):
- return (get_user_by_email(email).get(email) == password)
+ password_hashed = get_user_by_email(email).get(email)
+ password_hashed = bytes(password_hashed[2:-1], "utf-8")
+ return (hasher.is_same(password, password_hashed))
+
+resets = db.table("resets")
diff --git a/flask_session/320444fe8859cda10187fa078aaa3674 b/flask_session/320444fe8859cda10187fa078aaa3674
index b5c66ec8205b8f91eb93fbc3f1fbf8d686d40a86..e53970ba5221c845c713e7fbb8584a0cf5494709
GIT binary patch delta 8 PcmXpsWU}p@$fOSd2tEPv delta 8 PcmXpsWJ)Zb$fOSd2$})^
diff --git a/hash.py b/hash.py
deleted file mode 100644
index a9fd82f..0000000
--- a/hash.py
+++ /dev/null
@@ -1,26 +0,0 @@
-import bcrypt
-
-# Declaring our password
-password = b'GeekPassword'
-
-# Adding the salt to password
-salt = bcrypt.gensalt()
-# Hashing the password
-hashed = bcrypt.hashpw(password, salt)
-
-print(salt)
-print(type(hashed))
-
-salt = hashed[:29]
-
-print(salt)
-print(password == bcrypt.hashpw(password, salt))
-print(password == bcrypt.hashpw(password, salt))
-print(password == bcrypt.hashpw(password, salt))
-print(password == bcrypt.hashpw(password, salt))
-print(password == bcrypt.hashpw(password, salt))
-print(password == bcrypt.hashpw(password, salt))
-print(password == bcrypt.hashpw(password, salt))
-print(password == bcrypt.hashpw(password, salt))
-print(password == bcrypt.hashpw(password, salt))
-print(password == bcrypt.hashpw(password, salt))
diff --git a/hasher.py b/hasher.py
new file mode 100644
index 0000000..d4dd36e
--- /dev/null
+++ b/hasher.py
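Review bot: In database.py, `add_user` stores `str(password_hashed)`, which is the repr of a bytes object (`b'$2b$…'`, the form now visible in database.json), and `check_password` recovers the hash by slicing `[2:-1]`; that round-trip depends on repr formatting and turns any record not written this way, such as the plaintext value this commit replaces, into an invalid hash. Store text instead with `users.insert({email: password_hashed.decode("utf-8")})` and read it back with `stored.encode("utf-8")`. `check_password` also calls `.get(email)` on whatever `get_user_by_email(email)` returns, so if that helper returns None for an unknown address, as `user_exist` implies, the function raises instead of returning False; the helper is defined outside this hunk.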
@@ -0,0 +1,9 @@
+import bcrypt
+
+def hash_text(text:str) -> bytes:
+ text = bytes(text, "utf-8")
+ return (bcrypt.hashpw(text, bcrypt.gensalt()))
+
+def is_same(text:str, hashed: bytes) -> bool:
+ text = text.encode("utf-8")
+ return (bcrypt.checkpw(text, hashed))
diff --git a/mail.py b/mail.py
new file mode 100644
index 0000000..018f9ac
--- /dev/null
+++ b/mail.py
@@ -0,0 +1,26 @@
+import ssl
+import smtplib
+from email.message import EmailMessage
+
+config = {
+ "server": "ssl0.ovh.net",
+ "port": 465,
+ "email": "auto@chauvet.pro",
+ "password": "#FL7Sf*9hZMkund24$a@46ny7Dx",
+ "display_name": "no-reply@chauvet.pro"
+}
+
+def send_mail(mail_add:str, subject:str, mail_content:str):
+ email = EmailMessage()
+ email['From'] = config["display_name"]
+ email["To"] = mail_add;
+ email["subject"] = subject;
+ email.set_content(mail_content);
+
+ context = ssl.create_default_context();
+
+ with smtplib.SMTP_SSL(config["server"], config["port"], context=context) as smtp:
+ smtp.login(config["email"], config["password"]);
+ smtp.sendmail(config["email"], mail_add, email.as_string());
+
+send_mail("camille@chauvet.pro", "test", "text")
diff --git a/main.py b/main.py
index 699d07f..b1ceb49 100644
--- a/main.py
+++ b/main.py
@@ -25,6 +25,8 @@ def login():
 @app.route('/login', methods=['POST'])
 def login_post():
+ if (not session.get("email")):
+ return (redirect("/connected"))
 email = request.form.get('email')
 password = request.form.get('password')
 if (not database.user_exist(email)):
@@ -45,6 +47,8 @@ def signin():
 @app.route('/signin', methods=['POST'])
 def signup_post():
+ if (not session.get("email")):
+ return (redirect("/connected"))
 email = request.form.get('email')
 password = request.form.get('password')
 repassword = request.form.get('repassword')
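Review bot: `hash_text` in hasher.py hands the UTF-8 bytes straight to `bcrypt.hashpw`, and bcrypt only takes the first 72 bytes of its input, so a longer password is either silently truncated or rejected with an exception, depending on the installed bcrypt release. Check the encoded length before hashing, for example `if len(text) > 72: raise ValueError("password too long")`, and apply the same limit in `is_same` so that registration and login agree. A one-line docstring on each function would also help: `hash_text` returns the salted bcrypt hash as bytes and `is_same` expects that bytes value back, which is the contract database.py has to honour when it stores the hash.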
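Review bot: mail.py commits the SMTP account password as a string literal in `config["password"]`, so it is now part of the repository history and should be treated as exposed: rotate it and read it at runtime instead, e.g. `"password": os.environ["SMTP_PASSWORD"]` with `import os` added (the variable name is only a suggestion). The file also ends with a module-level `send_mail("camille@chauvet.pro", "test", "text")`, which sends a message every time the module is imported; remove it or move it under `if __name__ == "__main__":`. `send_mail` has no docstring, and a single line naming the recipient, subject and body parameters would be enough.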
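Review bot: The guard added at the top of `login_post` in main.py looks inverted: `if (not session.get("email")):` redirects to `/connected` exactly when no user is in the session, so an anonymous POST to `/login` never reaches the credential check below it. If the intent is to skip the form for users who are already signed in, the condition should be `if session.get("email"):`. The second hunk adds the identical guard to `signup_post` and needs the same change. Both function bodies continue outside the hunks, so how `/connected` handles a session without an e-mail is not visible here.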