Commit 23f959bdab8b5cd86dbaf0177c7fb17d1f17e408
1 parent
181d7eb8
Exists in
dev
update to bcrypt 5.0 (incomplete)
Showing
4 changed files
with
25 additions
and
14 deletions
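--- a/aprendizations/initdb.py
+++ b/aprendizations/initdb.py
@@ -186,7 +186,10 @@ def main():
 print(f' {student["uid"]}, {student["name"]}')
 
 passwd = args.pw or student['uid']
-hashed_pw = bcrypt.hashpw(passwd.encode('utf-8'), bcrypt.gensalt())
+# passwd = passwd[:72] # HACK: truncate to avoid exception on bcrypt 5.0
+print(type(passwd), passwd)
+hashed_pw = bcrypt.hashpw(passwd[:72].encode('utf-8'), bcrypt.gensalt())
+print(type(hashed_pw), hashed_pw)
 session.add(Student(id=student['uid'],
 name=student['name'],
 password=hashed_pw))
@@ -204,16 +207,19 @@ def main():
 print('\nUpdating passwords of students:')
 count = 0
 for sid in args.update:
+passwd = args.pw or sid
+hashed_pw = bcrypt.hashpw(passwd[:72].encode('utf-8'), bcrypt.gensalt())
+print(type(passwd), passwd)
+print(type(hashed_pw), hashed_pw)
 try:
-query = select(Student).filter_by(id=sid)
+query = select(Student).where(Student.id == sid)
 student = session.execute(query).scalar_one()
+student.password = hashed_pw # FIXME: update not working
 except NoResultFound:
 print(f' -> student {sid} does not exist!')
 continue
 count += 1
 print(f' {sid}, {student.name}')
-passwd = (args.pw or sid).encode('utf-8')
-student.password = str(bcrypt.hashpw(passwd, bcrypt.gensalt()))
 
 session.commit()
 print(f'Total {count} password(s) updated.')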
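Review bot: `passwd[:72].encode('utf-8')` at new lines 191 and 211 cuts the password to 72 characters, but bcrypt's limit is 72 bytes, so a password containing non-ASCII characters can still encode to more than 72 bytes and raise the ValueError this commit is working around. Truncating after encoding, `bcrypt.hashpw(passwd.encode('utf-8')[:72], bcrypt.gensalt())`, reproduces the byte truncation that earlier bcrypt releases applied silently, so hashes created before the upgrade keep verifying. The same character slice feeds `checkpw` and `hashpw` in aprendizations/learnapp.py (new lines 175 and 227) and needs the same change so that hashing and verification stay in agreement. Silent truncation also means any two passwords sharing their first 72 bytes are interchangeable; rejecting over-long input where users choose a password would make that limit explicit.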
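--- a/aprendizations/learnapp.py
+++ b/aprendizations/learnapp.py
@@ -165,10 +165,14 @@ class Application():
 logger.info('User "%s" does not exist', uid)
 return False
 
-loop = asyncio.get_running_loop()
+# NOTE:
+# bcrypt 5.0 raises ValueError exception for password larger than 72 chars.
+# I'm truncating the password to avoid this exception
+print(type(password.encode('utf-8')), password.encode('utf-8'))
+print(type(student.password), student.password)
 pw_ok: bool = await loop.run_in_executor(None,
 bcrypt.checkpw,
-password.encode('utf-8'),
+password[:72].encode('utf-8'),
 student.password)
 
 if pw_ok:
@@ -209,7 +213,7 @@ class Application():
 logger.info('User "%s" logged out', uid)
 
 # ------------------------------------------------------------------------
-async def change_password(self, uid: str, password: str) -> bool:
+async def change_password(self, uid: str, password: str, loop) -> bool:
 '''
 Change user Password.
 Returns True if password is successfully changed
@@ -217,15 +221,15 @@ class Application():
 if not password:
 return False
 
-loop = asyncio.get_running_loop()
+# loop = asyncio.get_running_loop()
 hashed_pw = await loop.run_in_executor(None,
-bcrypt.hashpw,
-password.encode('utf-8'),
-bcrypt.gensalt())
+bcrypt.hashpw,
+password[:72].encode('utf-8'),
+bcrypt.gensalt())
 
 with Session(self._engine) as session:
 query = select(Student).where(Student.id == uid)
-session.execute(query).scalar_one().password = str(hashed_pw)
+session.execute(query).scalar_one().password = hashed_pw
 session.commit()
 
 logger.info('User "%s" changed password', uid)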
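Review bot: The two `print` calls added at new lines 171-172 write the submitted password in clear and the stored bcrypt hash to stdout on every login attempt, and initdb.py does the same at new lines 190, 192, 212 and 213; they should be deleted before this is merged, because server output commonly ends up in log files. If the value types need checking while debugging, `logger.debug('stored hash type: %s', type(student.password))` reports the type without the secret. Separately, the first hunk deletes `loop = asyncio.get_running_loop()` while new line 173 still calls `loop.run_in_executor`; the enclosing method's signature is outside the hunk, so unless `loop` is bound there the login path fails with NameError, and restoring the deleted line fixes it.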
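--- a/aprendizations/serve.py
+++ b/aprendizations/serve.py
@@ -84,7 +84,8 @@ class ChangePasswordHandler(BaseHandler):
 '''Try to change password and show success/fail status'''
 userid = self.current_user
 passwd = self.get_body_arguments('new_password')[0] # FIXME porque [0]?
-ok = await self.app.change_password(userid, passwd)
+loop = tornado.ioloop.IOLoop.current()
+ok = await self.app.change_password(userid, passwd, loop)
 notification = self.render_string('notification.html', ok=ok)
 self.write({'msg': to_unicode(notification)})
 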
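Review bot: Passing `loop` from the handler at new lines 87-88 makes `change_password` depend on its caller for an event loop, and the new required third parameter breaks any caller not updated in this commit (none are visible here). Since `change_password` is itself a coroutine, `loop = asyncio.get_running_loop()` inside it, the line this commit comments out in learnapp.py, would keep the two-argument call `await self.app.change_password(userid, passwd)` working. If the Tornado loop is passed deliberately, a comment at new line 87 saying why would help the next reader. The handler method begins outside the hunk.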
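--- a/setup.py
+++ b/setup.py
@@ -25,7 +25,7 @@ setup(
 'pyyaml>=6.0',
 'pygments>=2.19',
 'sqlalchemy>=2.0.37',
-'bcrypt>=4.2.1',
+'bcrypt>=5.0',
 'networkx>=3.4.2',
 'pandas>=2.3',
 'openpyxl'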