......@@ -202,6 +202,19 @@ def do_login():
session[ "user_id" ] = user[ "id" ]
session[ "password_check" ] = True
# Check for outdated password and update it in the database if needed
_, _, salt, iterations, _ = user[ "password" ].split( "$" )
if iterations != config.PASSWORD_NB_ITERATIONS or salt.len() != config.PASSWORD_SALT_LENGTH:
new_password = utils.hash.pbkdf2(
form_password,
utils.rand.random_data( config.PASSWORD_SALT_LENGTH ),
config.PASSWORD_NB_ITERATIONS
).hash()
config.db.query( "UPDATE users SET password = %s WHERE id = %s", ( new_password, user[ "id" ] ) )
config.db.commit()
#
current_app.logger.info( "User '{}' checked by password".format( user[ "username" ] ) )
session[ "need_to_check" ].remove( current_check )
......@@ -808,7 +821,7 @@ def password_reset_stage2( user_id ):
userid = data.get( "user_id", None )
if password != None:
password = utils.hash.pbkdf2( password, utils.rand.random_data( config.EMAIL_SALT_LENGTH ), config.EMAIL_NB_ITERATIONS ).hash()
password = utils.hash.pbkdf2( password, utils.rand.random_data( config.PASSWORD_SALT_LENGTH ), config.PASSWORD_NB_ITERATIONS ).hash()
config.db.query( "UPDATE users SET password = %s WHERE id = %s", ( password, userid ) )
config.db.commit()
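Review bot: The rehash is guarded by `password != None`, but `userid` from `data.get( "user_id", None )` is never checked, so a payload without `user_id` presumably produces `UPDATE users ... WHERE id = NULL`, which matches no row yet still commits and reports nothing; a `if userid is None:` early exit before the query would make the failure visible. The corrected pbkdf2 call here is now the third copy of the same `utils.hash.pbkdf2( ..., utils.rand.random_data( config.PASSWORD_SALT_LENGTH ), config.PASSWORD_NB_ITERATIONS ).hash()` expression (do_login in the first hunk and do_config_new_user in the second commit carry the others), and the bug this commit fixes was exactly a constant mix-up in one of the copies. Moving that expression into one helper in `utils.hash` that owns the salt length and iteration count would leave a single place to get them right. As a style point, `password != None` should be `password is not None`. password_reset_stage2 starts and ends outside this hunk.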
......@@ -398,7 +398,7 @@ def do_config_new_user():
current_app.logger.debug( "Storing the new password to the databse" )
password = utils.hash.pbkdf2( password, utils.rand.random_data( config.EMAIL_SALT_LENGTH ), config.PASSWORD_NB_ITERATIONS ).hash()
password = utils.hash.pbkdf2( password, utils.rand.random_data( config.PASSWORD_SALT_LENGTH ), config.PASSWORD_NB_ITERATIONS ).hash()
config.db.query( "UPDATE users SET password = %s WHERE username = %s", ( password, username, ) )
config.db.commit()
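Review bot: The debug message on the line just above the corrected call still reads "databse"; since the constant fix already touches this spot, the log line could become `current_app.logger.debug( "Storing the new password to the database" )` in the same commit. do_config_new_user starts and ends outside this hunk.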