authorHugo Hörnquist <hugo@lysator.liu.se>2023-08-07 12:37:32 +0200
committerHugo Hörnquist <hugo@lysator.liu.se>2023-08-07 15:16:41 +0200
commit68e1206fc48b5209741cda7b3bedf9adc8a518dd (patch)
treeca99bcd5d74639c40f01367f58416ee24b88ca28
parentCleanup comment. (diff)
Stop reusing salt for passwords.
-rwxr-xr-xmu4web/password.py23
1 files changed, 7 insertions, 16 deletions
diff --git a/mu4web/password.py b/mu4web/password.py
index 7e6d140..d7ab5ce 100755
--- a/mu4web/password.py
+++ b/mu4web/password.py
@@ -65,22 +65,13 @@ class Passwords:
def add(self, username: str, password: str) -> None:
"""Add (or modify) entry in store."""
- if cur := self.db.get(username):
- salt = cur['salt']
- hashed = hashlib.sha256((salt + password).encode('UTF-8'))
- self.db[username] = {
- 'hash': hashed.hexdigest(),
- 'salt': salt,
- 'method': 'sha256',
- }
- else:
- salt = gen_salt()
- hashed = hashlib.sha256((salt + password).encode('UTF-8'))
- self.db[username] = {
- 'hash': hashed.hexdigest(),
- 'salt': salt,
- 'method': 'sha256'
- }
+ salt = gen_salt()
+ hashed = hashlib.sha256((salt + password).encode('UTF-8'))
+ self.db[username] = {
+ 'hash': hashed.hexdigest(),
+ 'salt': salt,
+ 'method': 'sha256'
+ }
def validate(self, username: str, password: str) -> bool:
"""Check if user exists, and if it has a correct password."""
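Review bot: The hash stored by `add` is still a single round of salted SHA-256 (`hashlib.sha256((salt + password).encode('UTF-8'))`), which is fast enough that a leaked store can be guessed offline at a high rate even with a fresh salt per change. A standard-library KDF fits the existing record layout, e.g. `hashed = hashlib.scrypt(password.encode('UTF-8'), salt=salt.encode('UTF-8'), n=2**14, r=8, p=1)` stored as `hashed.hex()` with `'method': 'scrypt'`. `validate` begins at the end of this hunk and its body is not visible; it would need to pick the algorithm from the stored `'method'` so existing `sha256` entries still verify and can be rehashed on the next successful login. `gen_salt` is also outside the hunk, so it is worth confirming that it draws from `secrets` or `os.urandom` rather than `random`.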