hash the pass #13

Open
berkutayme wants to merge 3 commits from berkutayme/2024-heraklion-git_berk:hashpass into main

16
auth.py

@ -1,6 +1,7 @@
import json import json
import sys import sys
from getpass import getpass from getpass import getpass
import hashlib
PWDB_PATH = 'pwdb.json' PWDB_PATH = 'pwdb.json'
@ -10,10 +11,10 @@ def get_credentials():
return (username, password) return (username, password)
def authenticate(username, password, pwdb): def authenticate(username, password, pwdb):
return password == pwdb[username] return pwhash(password) == pwdb[username]
def add_user(username, pwdb): def add_user(username, pwdb):
pwdb[username] = input(f'Enter password for {username}: ') pwdb[username] = pwhash(input(f'Enter password for {username}: '))
return pwdb return pwdb
def read_pwdb(PWDB_PATH): def read_pwdb(PWDB_PATH):
@ -24,6 +25,13 @@ def read_pwdb(PWDB_PATH):
pwdb = {} pwdb = {}
return pwdb return pwdb
def pwhash(password):
hashed_pass = hashlib.sha256(password.encode('utf-8')).hexdigest()
return hashed_pass

what is this?

what is this?
def write_pwdb(pwdb, PWDB_PATH): def write_pwdb(pwdb, PWDB_PATH):
pwdb_file = open(PWDB_PATH, 'wt') pwdb_file = open(PWDB_PATH, 'wt')

cool idea!

cool idea!
json.dump(pwdb, pwdb_file) json.dump(pwdb, pwdb_file)
@ -39,10 +47,10 @@ if __name__ == "__main__":
else: else:
username, password = get_credentials() username, password = get_credentials()
if username not in pwdb: if username not in pwdb:
print('Wrong username!') print('Wrong username or password!')
else: else:
if authenticate(username, password, pwdb): if authenticate(username, password, pwdb):
print('Successfully authenticated!') print('Successfully authenticated!')
else: else:
print('Wrong password!') print('Wrong username or password!')
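Review bot: `pwhash` stores an unsalted, single-pass SHA-256 digest, so two users with the same password get identical entries in `pwdb.json`, and a leaked file can be tested against password guesses very cheaply. A per-user random salt plus a deliberately slow derivation from the standard library (`hashlib.pbkdf2_hmac`, or `hashlib.scrypt`) would address both, with the salt stored next to the digest and `authenticate` re-deriving with that salt and comparing through `hmac.compare_digest`. This needs `import os` and `import hmac` at the top of auth.py, and entries already written as plaintext or by this SHA-256 version would have to be re-created. `add_user` can stay as it is for the hashing change, but it still reads the password with `input()`, which echoes it, although `getpass` is already imported.

```python
def authenticate(username, password, pwdb):
    # Re-derive with the salt stored for this user, then compare in constant time.
    stored = pwdb[username]
    salt_hex, _, _ = stored.partition('$')
    candidate = pwhash(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)

# … unchanged: add_user, read_pwdb …

def pwhash(password, salt=None):
    # A fresh random salt per user; PBKDF2 makes each guess expensive.
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, 600_000)
    # Stored as "<salt hex>$<digest hex>" so the salt travels with the hash.
    return salt.hex() + '$' + digest.hex()
```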