-rw-r--r-- | api/auth/signup.py | 5 | ||||
-rw-r--r-- | api/passwords.py | 13 | ||||
-rwxr-xr-x | api/tests.sh | 12 | ||||
-rw-r--r-- | requirements.txt | 4 |
4 files changed, 32 insertions, 2 deletions
diff --git a/api/auth/signup.py b/api/auth/signup.py index df6a271..a568b6d 100644 --- a/api/auth/signup.py +++ b/api/auth/signup.py @@ -1,6 +1,7 @@ from flask import Blueprint, request from main import cursor, connection from randid import new_uuid +import passwords import time import json @@ -20,8 +21,8 @@ def index(): return "", 400 user_id = new_uuid() - password_salt = "salt" - password_hash = "hash" + password_salt = passwords.salt() + password_hash = passwords.password_hash(password, password_salt) registered = int( time.time() * 1000 ) cursor.execute("insert into users values (?, ?, ?, NULL, ?, ?, ?, NULL, FALSE, \"user\", \"{}\", NULL, \"online\") ", diff --git a/api/passwords.py b/api/passwords.py new file mode 100644 index 0000000..58b712d --- /dev/null +++ b/api/passwords.py @@ -0,0 +1,13 @@ +import bcrypt + +def enc(string): + return string.encode('utf-8') + +def salt(): + return bcrypt.gensalt() + +def check_password(password, salt, password_hash): + return bcrypt.checkpw(enc(password)+salt, enc(password_hash)) + +def password_hash(password, salt): + return bcrypt.hashpw(enc(password), salt); diff --git a/api/tests.sh b/api/tests.sh new file mode 100755 index 0000000..391aa0f --- /dev/null +++ b/api/tests.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +signup () { + curl -X POST \ + -H "Content-Type: application/json" \ + -d '{ + "username": "test", + "email": "test@example.com", + "password": "password123" + }' \ + localhost:5000/api/auth/signup +} diff --git a/requirements.txt b/requirements.txt index ec3b76b..3dcb673 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,11 @@ +bcrypt==3.2.0 +cffi==1.14.4 click==7.1.2 Flask==1.1.2 itsdangerous==1.1.0 Jinja2==2.11.2 MarkupSafe==1.1.1 +pycparser==2.20 python-dotenv==0.15.0 +six==1.15.0 Werkzeug==1.0.1 |
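Review bot: `password_salt` is generated and stored separately in the second signup.py hunk, but the value returned by `bcrypt.hashpw` already embeds the salt and cost factor, so the extra value is redundant and is what leads to the broken verification in `check_password`. Both `password_salt` and `password_hash` are `bytes` here, and how the users table stores and returns them is not visible in this hunk, so that round trip should be confirmed. No length check on `password` is visible either: bcrypt only uses the first 72 bytes of its input, so a maximum length should be enforced or documented before hashing. index() starts and ends outside the hunk, so such a check may already exist above.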
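Review bot: `check_password` in api/passwords.py cannot succeed for a hash produced by `password_hash`, because it verifies `enc(password)+salt` while the hash was computed over `enc(password)` alone, with the salt passed as bcrypt's salt argument. `bcrypt.checkpw` reads the salt out of the stored hash, so the line should be `return bcrypt.checkpw(enc(password), password_hash)`, leaving the `salt` parameter unused. `enc(password_hash)` also raises AttributeError when given the `bytes` object that `hashpw` returns; if the database hands the hash back as `str`, encode it once at that boundary instead. The trailing `;` after `bcrypt.hashpw(enc(password), salt)` can be dropped.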
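Review bot: `signup` is defined in api/tests.sh but never called in the lines shown, so running the script sends no request. When it is called, curl exits 0 on a 4xx or 5xx response unless `--fail` is passed, so a rejected signup would still look like a passing test. I would add `--fail` to the curl call, `curl --fail -X POST \`, and invoke `signup` at the end of the script.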