From b4ba12f5c808ece4984b0c3a028ef3fb3fdf8d39 Mon Sep 17 00:00:00 2001
From: ASPP Student
Date: Mon, 26 Aug 2024 14:55:02 +0300
Subject: [PATCH 1/5] use getpass for add_user
---
 auth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/auth.py b/auth.py
index fb0cb6b..036a62a 100644
--- a/auth.py
+++ b/auth.py
@@ -14,7 +14,7 @@ def authenticate(username, password, pwdb):
 return password == pwdb[username]
 def add_user(username, pwdb):
- pwdb[username] = input(f'Enter password for {username}: ')
+ pwdb[username] = getpass(f'Enter password for {username}: ')
 return pwdb
 def read_pwdb(PWDB_PATH):
From 65d0aae9c9b4af0f5555fc18d62977d1093e2879 Mon Sep 17 00:00:00 2001
From: ASPP Student
Date: Mon, 26 Aug 2024 15:05:02 +0300
Subject: [PATCH 2/5] fix password hashing # doc.python.org
---
 auth.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/auth.py b/auth.py
index 036a62a..76a5eb4 100644
--- a/auth.py
+++ b/auth.py
@@ -31,7 +31,10 @@ def write_pwdb(pwdb, PWDB_PATH):
 def pwhash(pwd):
- return sha256(pwd)
+ encoded_pwd = pwd.encode("utf-8")
+ m = sha256()
+ m.update(encoded_pwd)
+ return m.hexdigest()
 if __name__ == "__main__":
 PWDB_PATH = 'pwdb.json'
From 33720c9b63936bafa5dd97f6835a36067a8129b5 Mon Sep 17 00:00:00 2001
From: ASPP Student
Date: Mon, 26 Aug 2024 15:06:05 +0300
Subject: [PATCH 3/5] make use of pwdhash
---
 auth.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/auth.py b/auth.py
index 76a5eb4..a2bc4d4 100644
--- a/auth.py
+++ b/auth.py
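Review bot: In PATCH 1/5, `add_user` now reads the password without echo but still prompts only once, so a mistyped password is stored unseen and the user cannot log in with the password they intended. Asking twice and comparing before writing to `pwdb` would catch that, e.g. `pw = getpass(f'Enter password for {username}: ')` followed by `if pw != getpass('Repeat password: '): raise ValueError('passwords do not match')`. The same line also replaces an existing `pwdb[username]` entry without any check; whether callers guard against that is outside the hunk.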
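Review bot: `pwhash` in PATCH 2/5 (and the identical hunk in PATCH 4/5) stores a single unsalted SHA-256 digest, which is a poor fit for password storage: it is fast to compute, so a leaked `pwdb.json` can be brute-forced cheaply, and identical passwords produce identical entries across users. A salted, deliberately slow KDF from the standard library such as `hashlib.pbkdf2_hmac` or `hashlib.scrypt` addresses both. The sketch below keeps the one-argument call working and stores the salt with the digest; it assumes `os` and `hashlib` are imported at the top of auth.py, which the hunk does not show, and verification then has to re-derive with the stored salt instead of comparing two independently computed hashes.

```python
def pwhash(pwd, salt=None):
    # fresh random salt per stored password; pass the stored salt when verifying
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pwd.encode("utf-8"), salt, 600_000)
    # salt and digest are kept together so each entry carries what is needed to re-derive it
    return f"{salt.hex()}${digest.hex()}"
```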
@@ -7,14 +7,14 @@ PWDB_PATH = 'pwdb.json'
 def get_credentials():
 username = input('Enter your username: ')
- password = getpass('Enter your password: ')
- return (username, password)
+ hashed_password = pwhash(getpass('Enter your password: '))
+ return (username, hashed_password)
-def authenticate(username, password, pwdb):
- return password == pwdb[username]
+def authenticate(username, hashed_password, pwdb):
+ return hashed_password == pwdb[username]
 def add_user(username, pwdb):
- pwdb[username] = getpass(f'Enter password for {username}: ')
+ pwdb[username] = pwhash(getpass(f'Enter password for {username}: '))
 return pwdb
 def read_pwdb(PWDB_PATH):
From 487f0f9597899d69d66e23ea87900832c653d764 Mon Sep 17 00:00:00 2001
From: ASPP Student
Date: Mon, 26 Aug 2024 15:31:04 +0300
Subject: [PATCH 4/5] fix hashing password
---
 auth.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/auth.py b/auth.py
index fb0cb6b..50296e3 100644
--- a/auth.py
+++ b/auth.py
@@ -31,7 +31,12 @@ def write_pwdb(pwdb, PWDB_PATH):
 def pwhash(pwd):
- return sha256(pwd)
+ encoded_pwd = pwd.encode("utf-8")
+ m = sha256()
+ m.update(encoded_pwd)
+ return m.hexdigest()
+
+
 if __name__ == "__main__":
 PWDB_PATH = 'pwdb.json'
From de4dc255acd7bbd2db200aad8323388ab9b2e3a6 Mon Sep 17 00:00:00 2001
From: ASPP Student
Date: Mon, 26 Aug 2024 15:31:17 +0300
Subject: [PATCH 5/5] implement hashing password where needed
---
 auth.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/auth.py b/auth.py
index 50296e3..fad77c5 100644
--- a/auth.py
+++ b/auth.py
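Review bot: `authenticate` in PATCH 3/5 (and the identical function in PATCH 5/5) indexes `pwdb[username]` directly, so an unknown username raises `KeyError` instead of returning False unless the caller checks membership first, which is not visible in the hunk. The digest comparison also uses `==`; `hmac.compare_digest` is the usual choice when comparing values derived from secrets. Both can be covered with `stored = pwdb.get(username)` and `return stored is not None and hmac.compare_digest(hashed_password, stored)`, which needs `import hmac` at the top of the file. Hashing inside `get_credentials` also ties the prompt to an unsalted scheme: once a per-user salt is introduced, the plaintext has to reach the verification step so it can be hashed with the stored salt.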
@@ -7,14 +7,14 @@ PWDB_PATH = 'pwdb.json'
 def get_credentials():
 username = input('Enter your username: ')
- password = getpass('Enter your password: ')
- return (username, password)
+ hashed_password = pwhash(getpass('Enter your password: '))
+ return (username, hashed_password)
-def authenticate(username, password, pwdb):
- return password == pwdb[username]
+def authenticate(username, hashed_password, pwdb):
+ return hashed_password == pwdb[username]
 def add_user(username, pwdb):
- pwdb[username] = input(f'Enter password for {username}: ')
+ pwdb[username] = pwhash(input(f'Enter password for {username}: '))
 return pwdb
 def read_pwdb(PWDB_PATH):
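Review bot: The new `add_user` line in PATCH 5/5 wraps `input(...)` in `pwhash`, so the password is echoed to the terminal while it is typed and can linger in scrollback or a screen share, whereas `get_credentials` in the same hunk reads it with `getpass`. This patch applies on index 50296e3, which PATCH 4/5 produced from fb0cb6b, the blob that predates PATCH 1/5, so the getpass change from that patch is not carried over here. The line should read `pwdb[username] = pwhash(getpass(f'Enter password for {username}: '))`.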