From a1b9de76d1089cfc325f300201ba4b4db226f14c Mon Sep 17 00:00:00 2001
From: Miguel Barao <miguel.barao@gmail.com>
Date: Tue, 20 Nov 2018 17:45:18 +0000
Subject: [PATCH] change password is now async

---
 learnapp.py |  9 +++++++--
 serve.py    |  5 +++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/learnapp.py b/learnapp.py
index 9013e15..7c85c52 100644
--- a/learnapp.py
+++ b/learnapp.py
@@ -35,6 +35,8 @@ async def check_password(try_pw, password):
     hashed_pw = await loop.run_in_executor(None, bcrypt.hashpw, try_pw, password)
     return password == hashed_pw
 
+def bcrypt_hash_gen(pw):
+    return bcrypt.hashpw(pw.encode('utf-8'), bcrypt.gensalt())
 
 # ============================================================================
 # LearnApp - application logic
@@ -124,13 +126,16 @@ class LearnApp(object):
     # ------------------------------------------------------------------------
     # change_password
     # ------------------------------------------------------------------------
-    def change_password(self, uid, pw):
+    async def change_password(self, uid, pw):
         if not pw:
             return False
 
+        loop = asyncio.get_running_loop()
+        pw = await loop.run_in_executor(None, bcrypt_hash_gen, pw)
+
         with self.db_session() as s:
             u = s.query(Student).get(uid)
-            u.password = bcrypt.hashpw(pw.encode('utf-8'), bcrypt.gensalt())
+            u.password = pw
 
         logger.info(f'User "{uid}" changed password')
         return True
diff --git a/serve.py b/serve.py
index 073e3e8..28ac080 100755
--- a/serve.py
+++ b/serve.py
@@ -114,11 +114,12 @@ class LogoutHandler(BaseHandler):
 # ----------------------------------------------------------------------------
 class ChangePasswordHandler(BaseHandler):
     @tornado.web.authenticated
-    def post(self):
+    async def post(self):
         uid = self.current_user
         pw = self.get_body_arguments('new_password')[0]
 
-        if self.learn.change_password(uid, pw):
+        changed_ok = await self.learn.change_password(uid, pw)
+        if changed_ok:
             notification = tornado.escape.to_unicode(self.render_string('notification.html', type='success', msg='A password foi alterada!'))
         else:
             notification = tornado.escape.to_unicode(self.render_string('notification.html', type='danger', msg='A password não foi alterada!'))
--
libgit2 0.21.2