Commit 2dc466cfc525e3904d33a86c18b77dd03e556345
1 parent
6d8bb39a
- fixed initdb_from_csv.py to use empty passwords (not bcrypt).
- fixed myauth.py to use bcrypt.
Showing
2 changed files
with
29 additions
and
32 deletions
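--- a/initdb_from_csv.py
+++ b/initdb_from_csv.py
@@ -15,12 +15,10 @@ def fixname(s):
 
 def genstudent(reader, pw=''):
 for i, r in enumerate(reader):
- print('\rInserting students into database... [{}]'.format(i+1), end='')
 num = r['N.º']
 name = fixname(r['Nome'])
- pwhash = bcrypt.hashpw(pw.encode('utf-8'), bcrypt.gensalt())
- yield (num, name, pwhash)
- print('\nDone.')
+ yield (r['N.º'], fixname(r['Nome']), '')
+ print('{} students inserted.'.format(i+1))
 
 # ---- DATABASE SCHEMA ----
 sql_cmd = '''PRAGMA foreign_keys = ON;
@@ -49,12 +47,11 @@ sql_cmd = '''PRAGMA foreign_keys = ON;
 # --------- Parse command line options -----------
 argparser = argparse.ArgumentParser(description='Create new database from a CSV file (SIIUE format)')
 argparser.add_argument('--db', default='students.db', type=str, help='database filename')
-argparser.add_argument('--pw', default='', type=str, help='initial password')
 argparser.add_argument('csvfile', type=str, help='CSV filename')
 args = argparser.parse_args()
 
 
-# -------- Parse CSV --------
+# --------- Parse CSV --------
 with open(args.csvfile, encoding='iso-8859-1') as csvfile: # SIIUE format
 reader = csv.DictReader(csvfile, delimiter=';', quotechar='"')
 db_exists = os.path.exists(args.db)
@@ -63,13 +60,12 @@ with open(args.csvfile, encoding='iso-8859-1') as csvfile: # SIIUE format
 if not db_exists:
 print('Creating new database "{}"...'.format(args.db))
 c.executescript(sql_cmd)
- pwhash = bcrypt.hashpw(pw.encode('utf-8'), bcrypt.gensalt())
- c.execute('INSERT INTO students VALUES (?,?,?)', ('0', 'Professor', pwhash))
+ c.execute('INSERT INTO students VALUES (?,?,?)', ('0', 'Professor', ''))
 else:
 print('Database "{}" already exists.'.format(args.db))
 
- print('Warning: Passwords are generated using bcrypt wich takes a lot of time...')
+ print('Inserting students into database... ', end='')
 try:
- c.executemany('INSERT INTO students VALUES (?,?,?)', genstudent(reader, args.pw))
+ c.executemany('INSERT INTO students VALUES (?,?,?)', genstudent(reader))
 except sqlite3.IntegrityError:
 print('\rStudents already in the database. Aborting!!!')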
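Review bot: `print('{} students inserted.'.format(i+1))` at new line 21 reads the loop variable after the `for` in genstudent, so when the CSV yields no rows `i` is never bound and the generator raises UnboundLocalError on exhaustion inside `executemany` (indentation is not recoverable from this rendering, so this assumes the print sits after the loop, as its message suggests). `num` and `name` at new lines 18–19 are still computed but no longer used, and the `pw=''` parameter is dead now that genstudent is called without it. Counting explicitly fixes the empty-input case and removes the unused locals. Separately, the Professor row (number '0') is now created with an empty password like every student row, so under the first-login rule in credentials_ok whoever authenticates first as '0' sets that account's password; the script should at least say so in its output, or set that one row's password right after initialisation.
```python
def genstudent(reader, pw=''):
    count = 0
    for r in reader:
        count += 1
        yield (r['N.º'], fixname(r['Nome']), '')
    print('{} students inserted.'.format(count))
```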
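--- a/myauth.py
+++ b/myauth.py
@@ -7,7 +7,7 @@
 
 import cherrypy
 import sqlite3
-from hashlib import sha256
+import bcrypt
 from mako.lookup import TemplateLookup
 import urllib
 import html
@@ -27,33 +27,34 @@ def credentials_ok(uid, password, db):
 updated if it's initially empty.
 Returns the name of the student on success, otherwise returns None.
 '''
- success = False
- tryhash = sha256(password.encode('utf-8')).hexdigest()
+ # success = False
+ # tryhash = sha256(password.encode('utf-8')).hexdigest()
 
 # search student in database
- conn = sqlite3.connect(db)
- sql_cmd = 'SELECT * FROM students WHERE number=?'
- found = conn.execute(sql_cmd, [uid]).fetchone()
- if found is not None:
- num, name, pw_hash = found
- if pw_hash == '':
+ with sqlite3.connect(db) as c:
+ sql_cmd = 'SELECT name,password FROM students WHERE number=?'
+ try:
+ name, pwhash = c.execute(sql_cmd, [uid]).fetchone()
+ except:
+ cherrypy.log.error('Student %s not found!' % uid, 'APPLICATION')
+ return None
+
+ # student found in db
+ if pwhash == '':
 # update password on first login
- pw_hash = tryhash
+ hashed = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
 sql_cmd = 'UPDATE students SET password=? WHERE number=?'
- conn.execute(sql_cmd, (pw_hash, num))
- conn.commit()
+ c.execute(sql_cmd, (hashed, uid))
 cherrypy.log.error('Student %s updated his password.' % uid, 'APPLICATION')
-
- # check password
- success = (tryhash == pw_hash)
- if success:
- cherrypy.log.error('Student %s logged in.' % uid, 'APPLICATION')
+ return name
 else:
- cherrypy.log.error('Student %s wrong password.' % uid, 'APPLICATION')
- else:
- cherrypy.log.error('Student %s not found!' % uid, 'APPLICATION')
- conn.close()
- return name if success else None
+ # check password
+ if bcrypt.hashpw(password.encode('utf-8'), pwhash) == pwhash:
+ cherrypy.log.error('Student %s logged in.' % uid, 'APPLICATION')
+ return name
+ else:
+ cherrypy.log.error('Student %s wrong password.' % uid, 'APPLICATION')
+ return None
 
 
 def check_auth(*args, **kwargs):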
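Review bot: The bare `except:` at new line 38 turns every failure of the lookup into "Student not found" — a missing table, a locked database file or an interrupted process all get logged as an unknown uid and return None; only the unpacking of a `None` row should be caught, i.e. `except TypeError:` (or test the `fetchone()` result for None before unpacking). `with sqlite3.connect(db) as c:` at new line 34 commits or rolls back on exit but never closes the connection, which the removed `conn.close()` did, so each login leaks a connection until garbage collection; `with closing(sqlite3.connect(db)) as c, c:` with `from contextlib import closing` closes it and keeps the commit-on-exit transaction. The comparison at new line 52 is better written `if bcrypt.checkpw(password.encode('utf-8'), pwhash):`, which is the library's intended verification call and compares in constant time. The commented-out `# success = False` / `# tryhash = ...` at new lines 30–31 are dead code and should be deleted rather than kept. credentials_ok begins before this hunk.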