Added password hashing using bcrypt (#114)

Bcrypt library is used to generate a salt and hash the password, then stored in the same db in the same way. On login, bcrypt is used to match the hash Signed-off-by: wongaid <[email protected]> Co-authored-by: wongaid <[email protected]>
DataBytes-Organisation · Nov 29, 2023 · a44a525 · a44a525
1 parent 8e03cd4
commit a44a525
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/neo_dolfin/app.py b/neo_dolfin/app.py
@@ -15,6 +15,8 @@
 import ssl 
 import nltk
 #import certifi
+import requests
+import bcrypt
 import datetime
 import re
 import sqlite3
@@ -215,7 +217,8 @@ def login():
         # Retrieve the user from the database
         user = User.query.filter_by(username=username).first()
 
-        if user and user.password == password:
+        # Check if the user exists and the password is correct with stored hash
+        if user and bcrypt.checkpw(password.encode('utf-8'), user.password):
             # Successful login, set a session variable to indicate that the user is logged in
             session['user_id'] = user.username 
 
@@ -248,6 +251,9 @@ def register():
         email = request.form['email']
         password = request.form['password']
 
+        # Hash password
+        password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
+
         # Check if the username or email already exists in the database
         existing_user = User.query.filter_by(username=username).first()
         existing_email = User.query.filter_by(email=email).first()

diff --git a/neo_dolfin/requirements.txt b/neo_dolfin/requirements.txt
@@ -13,6 +13,7 @@ async-timeout==4.0.3
 asyncio==3.4.3
 attrs==23.1.0
 backcall==0.2.0
+bcrypt==4.0.1
 blinker==1.6.2
 boto3==1.28.17
 botocore==1.31.17