From ac74f31b67d88e3f4a06a541d99e6e749ecd7b73 Mon Sep 17 00:00:00 2001
From: Lorenzo
Date: Mon, 11 Sep 2017 12:57:41 +0200
Subject: [PATCH] Add encryption
---
 server.py | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/server.py b/server.py
index 00323ac..0df84ff 100644
--- a/server.py
+++ b/server.py
@@ -1,5 +1,6 @@
 from flask import Flask, session, url_for, redirect, request, render_template, abort
 from flask_sqlalchemy import SQLAlchemy
+import bcrypt
 app = Flask(__name__)
 app.secret_key = "pepsecret"
@@ -13,7 +14,7 @@ db = SQLAlchemy(app)
 class User(db.Model):
 uid = db.Column(db.Integer, primary_key=True)
 username = db.Column(db.String(80), unique=True)
- passwd = db.Column(db.String(80))
+ passwd = db.Column(db.LargeBinary)
 def __init__(self, username, passwd):
 self.username = username
@@ -94,9 +95,8 @@ class Dispositivo(db.Model):
 class Accesso(db.Model):
- aid = db.Column(db.Integer, primary_key=True)
- iid = db.Column(db.Integer, db.ForeignKey('impiegato.iid'))
- did = db.Column(db.Integer, db.ForeignKey('dispositivo.did'))
+ iid = db.Column(db.Integer, db.ForeignKey('impiegato.iid'), primary_key=True)
+ did = db.Column(db.Integer, db.ForeignKey('dispositivo.did'), primary_key=True)
 def __init__(self, iid, did):
 self.iid = iid
@@ -110,7 +110,7 @@ class Accesso(db.Model):
 def login(username, password):
 user = User.query.filter_by(username=username).first()
 try:
- return password == user.passwd
+ return bcrypt.checkpw(bytes(password, encoding="utf-8"), user.passwd)
 except AttributeError: # Se non esiste l'Utente
 return False
@@ -389,7 +389,9 @@ def page_details_host():
 if __name__ == "__main__": # db.create_all()
- # u = User("lavaleria", "lava")
- # db.session.add(u)
+ # p = b"admin"
+ # cenere = bcrypt.hashpw(p, bcrypt.gensalt())
+ # nuovouser = User('admin', cenere)
+ # db.session.add(nuovouser)
 # db.session.commit()
 app.run(debug=True)
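Review bot: The new `import bcrypt` in the first hunk (`@@ -1,5 +1,6 @@`) brings in a third-party package, yet the diffstat lists only server.py, so nothing in this commit declares or pins that dependency; if the project keeps a requirements file (not visible here), `bcrypt` should be added to it with a version. The context line `app.secret_key = "pepsecret"` in the same hunk is left as it was: Flask signs the session cookie with that value, so a literal committed to the repository undermines session integrity however the passwords are stored. Loading it from the environment, e.g. `app.secret_key = os.environ["FLASK_SECRET_KEY"]` (constructed variable name, needs `import os`), would close that gap.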
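Review bot: Changing `passwd` to `db.LargeBinary` in the `User` hunk (`@@ -13,7 +14,7 @@`) alters the table definition, but the commit carries no migration and no conversion of rows already stored as plaintext `String(80)`; those values are presumably not bcrypt hashes, so `bcrypt.checkpw` in `login` will not accept them. Existing accounts need a forced reset or a one-off re-hash step, and the old plaintext values should be overwritten rather than left in the table. `User.__init__` (its body continues outside the hunk) still takes `passwd` as given, so hashing is left to every caller; a comment on the column such as `# passwd holds a bcrypt hash (bytes), never the plaintext`, or hashing inside the model, would keep plaintext from being stored by mistake.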
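Review bot: The `Accesso` hunk (`@@ -94,9 +95,8 @@`) replaces the surrogate key `aid` with a composite primary key on `(iid, did)`, a schema change unrelated to the commit subject and with no migration alongside it. With the composite key, a second insert of the same pair fails with an integrity error on commit instead of creating a duplicate row, so the code that adds `Accesso` rows (not visible in this diff) needs to check for an existing row or handle that error, and any existing duplicates must be removed before the table is rebuilt. Putting this in its own commit with a short comment on the class, e.g. `# one row per (impiegato, dispositivo) pair`, would make the intent reviewable.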
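Review bot: In the `login` hunk (`@@ -110,7 +110,7 @@`) the `except AttributeError` clause is too narrow for the new call. `bytes(password, encoding="utf-8")` raises `TypeError` when `password` is `None` or not a string, and `bcrypt.checkpw` raises `ValueError` when the stored value is not a valid bcrypt hash (presumably the case for rows written before this change), so both surface as an unhandled error instead of a failed login. An explicit `user is None` test also avoids relying on `AttributeError`, which would mask an unrelated attribute bug inside the `try`. Separately, the unknown-user path returns without doing any bcrypt work, so response time differs between existing and non-existing usernames; checking against a fixed dummy hash on that path would even it out.

```python
def login(username, password):
    user = User.query.filter_by(username=username).first()
    if user is None or not isinstance(password, str):
        return False
    try:
        return bcrypt.checkpw(password.encode("utf-8"), user.passwd)
    except (TypeError, ValueError):
        # Stored value is not a usable bcrypt hash (e.g. a pre-migration row).
        return False
```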
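Review bot: The new commented-out bootstrap lines in the `__main__` hunk (`@@ -389,7 +389,9 @@`) create an `admin` account whose password is the literal `b"admin"`, so anyone who uncomments them to initialise a deployment ends up with a well-known default credential. Moving the seeding into a separate setup script that reads the password with `getpass.getpass()` keeps the literal out of server.py and removes the dead code. The unchanged `app.run(debug=True)` at the end of the hunk also enables the Werkzeug interactive debugger, which should be off outside local development, for example by driving the flag from an environment variable.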