From 271f5e264277a466160baefb8cd5334de80d357a Mon Sep 17 00:00:00 2001
From: Marco De Donno <Marco.DeDonno@unil.ch>
Date: Thu, 15 Apr 2021 19:31:10 +0200
Subject: [PATCH] Use the correct variables for the hashing process

---
 views/login/__init__.py   | 2 +-
 views/newuser/__init__.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/views/login/__init__.py b/views/login/__init__.py
index f380488d..c3a1e933 100644
--- a/views/login/__init__.py
+++ b/views/login/__init__.py
@@ -808,7 +808,7 @@ def password_reset_stage2( user_id ):
         userid = data.get( "user_id", None )
         
         if password != None:
-            password = utils.hash.pbkdf2( password, utils.rand.random_data( config.EMAIL_SALT_LENGTH ), config.EMAIL_NB_ITERATIONS ).hash()
+            password = utils.hash.pbkdf2( password, utils.rand.random_data( config.PASSWORD_SALT_LENGTH ), config.PASSWORD_NB_ITERATIONS ).hash()
             config.db.query( "UPDATE users SET password = %s WHERE id = %s", ( password, userid ) )
             config.db.commit()
             
diff --git a/views/newuser/__init__.py b/views/newuser/__init__.py
index 2d762ca4..5f28b724 100644
--- a/views/newuser/__init__.py
+++ b/views/newuser/__init__.py
@@ -398,7 +398,7 @@ def do_config_new_user():
     
     current_app.logger.debug( "Storing the new password to the databse" )
     
-    password = utils.hash.pbkdf2( password, utils.rand.random_data( config.EMAIL_SALT_LENGTH ), config.PASSWORD_NB_ITERATIONS ).hash()
+    password = utils.hash.pbkdf2( password, utils.rand.random_data( config.PASSWORD_SALT_LENGTH ), config.PASSWORD_NB_ITERATIONS ).hash()
     
     config.db.query( "UPDATE users SET password = %s WHERE username = %s", ( password, username, ) )
     config.db.commit()
-- 
GitLab