From 8e1d8309da443438b90030fbc94bd97296ff3122 Mon Sep 17 00:00:00 2001 From: ASPP Student Date: Mon, 26 Aug 2024 15:05:41 +0300 Subject: [PATCH 1/3] not leak usernames --- auth.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth.py b/auth.py index 1559a08..410ff3c 100644 --- a/auth.py +++ b/auth.py @@ -39,10 +39,10 @@ if __name__ == "__main__": else: username, password = get_credentials() if username not in pwdb: - print('Wrong username!') + print('Wrong username or password!') else: if authenticate(username, password, pwdb): print('Successfully authenticated!') else: - print('Wrong password!') + print('Wrong username or password!') -- 2.39.5 From f1fc4c761dcb057a2f274f0d8816db6d1ea04309 Mon Sep 17 00:00:00 2001 From: ASPP Student Date: Mon, 26 Aug 2024 15:25:38 +0300 Subject: [PATCH 2/3] hash the password. --- auth.py | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/auth.py b/auth.py index 410ff3c..3d8d072 100644 --- a/auth.py +++ b/auth.py @@ -1,6 +1,7 @@ import json import sys from getpass import getpass +import hashlib PWDB_PATH = 'pwdb.json' @@ -10,10 +11,10 @@ def get_credentials(): return (username, password) def authenticate(username, password, pwdb): - return password == pwdb[username] + return pwhash(password) == pwdb[username] def add_user(username, pwdb): - pwdb[username] = input(f'Enter password for {username}: ') + pwdb[username] = pwhash(input(f'Enter password for {username}: ')) return pwdb def read_pwdb(PWDB_PATH): @@ -24,6 +25,19 @@ def read_pwdb(PWDB_PATH): pwdb = {} return pwdb +# def get_salt(username): +# ''' will return a unique variable''' + +# salt = +# return salt + + +def pwhash(password): + hashed_pass = hashlib.sha256(password.encode('utf-8')).hexdigest() + return hashed_pass + + + def write_pwdb(pwdb, PWDB_PATH): pwdb_file = open(PWDB_PATH, 'wt') json.dump(pwdb, pwdb_file) -- 2.39.5 From 86f25aca4602579fbd23b62245ec109d7ecf0b93 Mon Sep 17 00:00:00 2001 
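Review bot: In PATCH 1/3 the `username not in pwdb` branch and the failed-`authenticate` branch now print the same string, but they remain two separate code paths, so the messages can drift apart again and the unknown-user path still returns without doing any password work. Folding them into one condition keeps the failure message in one place: `if username in pwdb and authenticate(username, password, pwdb):`, then the success print and a single `else: print('Wrong username or password!')`. Once a deliberately slow password hash is in use, that early return for unknown users will probably show up as a timing difference, so it may be worth hashing against a dummy entry in that case. The enclosing `if __name__ == "__main__":` block starts outside the hunk.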
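Review bot: In PATCH 2/3 `authenticate` compares the two hex digests with `==`, which stops at the first differing character; `return hmac.compare_digest(pwhash(password), pwdb[username])`, with `import hmac` next to `import hashlib`, compares in constant time. In the same hunk `add_user` still reads the new password with `input()`, so it is echoed to the terminal and can end up in scrollback. `getpass` is already imported at the top of the file, so the line can become `pwdb[username] = pwhash(getpass(f'Enter password for {username}: '))`. Entries already stored in `pwdb.json` as plaintext will no longer match after this change, so existing users presumably need to be re-enrolled or migrated.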
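Review bot: `pwhash` in PATCH 2/3 stores a single unsalted SHA-256 of the password, which is far too fast for password storage and gives two users with the same password the same stored value, so a copied `pwdb.json` can be checked against precomputed tables or guessed offline at a high rate. The commented-out `get_salt` stub points the right way, but PATCH 3/3 removes it without a replacement. A per-user random salt fed into a deliberately slow standard-library KDF such as `hashlib.pbkdf2_hmac`, with the salt stored next to the digest, addresses both problems. `authenticate` then has to split the stored value and pass the salt back in, and the module needs `import os`. A docstring on `pwhash` stating the stored format would also help the next reader.

```python
def pwhash(password, salt=None):
    # New users get a fresh random salt; verification passes the stored one back in.
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, 600_000)
    # Stored form is "<salt hex>$<digest hex>" so the salt travels with the hash.
    return f'{salt.hex()}${digest.hex()}'
```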
From: ASPP Student Date: Mon, 26 Aug 2024 15:34:21 +0300 Subject: [PATCH 3/3] remove extra lines. --- auth.py | 6 ------ 1 file changed, 6 deletions(-) diff --git a/auth.py b/auth.py index 3d8d072..e0b0a90 100644 --- a/auth.py +++ b/auth.py @@ -25,12 +25,6 @@ def read_pwdb(PWDB_PATH): pwdb = {} return pwdb -# def get_salt(username): -# ''' will return a unique variable''' - -# salt = -# return salt - def pwhash(password): hashed_pass = hashlib.sha256(password.encode('utf-8')).hexdigest() -- 2.39.5