
Use passlib's CryptContext to handle password hash updates.

TheReverend403 committed Aug 9, 2019
1 parent 0dcb520 commit 8395bf95d4203fa77358a2ec6702a4086d5581f7
Showing with 25 additions and 10 deletions.
  1. +5 −8 app/models/user.py
  2. +18 −0 app/security.py
  3. +2 −2 app/views/auth.py
@@ -19,10 +19,10 @@
from flask import current_app as app
from flask_login import UserMixin
from humanize import naturalsize
from passlib.hash import argon2, bcrypt
from sqlalchemy import event, func

from app import BASE_DIR, db, login, utils
from app.security import hasher


@login.header_loader
@@ -58,16 +58,13 @@ class User(db.Model, UserMixin):
files = db.relationship('File', backref='user', lazy=True, cascade='all,delete')

def set_password(self, password):
self.password = argon2.hash(password)
self.password = hasher.hash(password)

def password_needs_rehash(self):
return bcrypt.identify(self.password)
def password_needs_update(self):
return hasher.needs_update(self.password)

def check_password(self, password):
if self.password_needs_rehash():
return bcrypt.verify(password, self.password)

return argon2.verify(password, self.password)
return hasher.verify(password, self.password)

def storage_directory(self):
return f'{BASE_DIR}/storage/uploads/{self.id}'
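Review bot: `check_password` at the end of the hunk now relies on `hasher.verify`, and passlib's `CryptContext.verify` raises `ValueError` (`UnknownHashError`) instead of returning False when the stored value matches neither `argon2` nor `bcrypt`, so a user row with an empty or malformed hash turns a failed login into a 500 unless the caller catches it; the old `argon2.verify` path had the same shape, but the new method has no docstring saying so. I would add `"""Return True if *password* matches the stored hash; raises ValueError if the stored hash is not an argon2 or bcrypt string."""` to `check_password`, and `"""Return True if the stored hash is bcrypt or uses argon2 parameters below the context defaults."""` to `password_needs_update`, since the second condition is what the context gives beyond the old `bcrypt.identify`. A smaller follow-up, presumably for app/views/auth.py where the rehash happens, is that `hasher.verify_and_update(password, self.password)` does the verify and the conditional rehash in one pass, so the plaintext is not hashed twice on upgrade. The enclosing class `User` starts and ends outside this hunk.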
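--- /dev/null
+++ b/app/security.py
@@ -0,0 +1,18 @@
+# This file is part of pste.
+#
+# pste is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# pste is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with pste. If not, see <https://www.gnu.org/licenses/>.
+
+from passlib.context import CryptContext
+
+hasher = CryptContext(schemes=['argon2', 'bcrypt'], deprecated=['bcrypt'])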
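Review bot: The `hasher` definition on the last line carries no comment explaining why `bcrypt` is configured at all, and a later maintainer could reasonably drop it as unused and lock out every account whose hash was imported from uPste (the auth.py hunk in this commit is the only place that records that history). I would add above it `# bcrypt is kept only so hashes imported from uPste still verify; marking it deprecated makes needs_update() flag them for an argon2 rehash on next login.` It is also worth noting in that comment that `needs_update` fires when passlib's argon2 defaults change, so stored hashes are rewritten after a library upgrade — that is the intended behaviour here, but it is not obvious from the one-liner.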
@@ -45,8 +45,8 @@ def login():
flash('Invalid email or password.', category='error')
return redirect(url_for('auth.login'))

# Upgrade from uPste's bcrypt
if user.password_needs_rehash():
# Upgrade from uPste imported passwords, or update if hash parameters have changed.
if user.password_needs_update():
user.set_password(form.password.data)
db.session.commit()
