views/adm/__init__.py

@@ -6,7 +6,7 @@ from flask import jsonify, session, redirect, url_for
 
 import config
 
-from version import __version__, __branch__, __commit__, __commiturl__, __treeurl__
+import version
 
 import utils
 
@@ -20,7 +20,7 @@ def ping():
     return "pong"
 
 @adm_view.route( "/version" )
-def version():
+def route_version():
     """
         Function to report the version of the web app. The version.py file is
         re-generated by the CI/CD for production.
@@ -28,11 +28,11 @@ def version():
     try:
         return jsonify( {
             "error": False,
-            "version": __version__,
-            "branch": __branch__,
-            "commit": __commit__,
-            "commiturl": __commiturl__,
-            "treeurl": __treeurl__
+            "version": version.__version__,
+            "branch": version.__branch__,
+            "commit": version.__commit__,
+            "commiturl": version.__commiturl__,
+            "treeurl": version.__treeurl__
         } )
 
     except:

views/login/__init__.py

@@ -204,8 +204,9 @@ def do_login():
             
             # Check for outdated password and update it in the database if needed
             _, _, salt, iterations, _ = user[ "password" ].split( "$" )
+            iterations = int( iterations )
             
-            if iterations != config.PASSWORD_NB_ITERATIONS or salt.len() != config.PASSWORD_SALT_LENGTH:
+            if iterations != config.PASSWORD_NB_ITERATIONS or len( salt ) != config.PASSWORD_SALT_LENGTH:
                 new_password = utils.hash.pbkdf2(
                     form_password,
                     utils.rand.random_data( config.PASSWORD_SALT_LENGTH ),
@@ -748,7 +749,7 @@ def do_password_reset_thread( email, localapp ):
         return False
 
     else:
-        users = config.db.query_fetchall( "SELECT id, username, email FROM users" )
+        users = config.db.query_fetchall( "SELECT id, username, email FROM users ORDER BY username ASC" )
         
         found = []
         
@@ -759,6 +760,22 @@ def do_password_reset_thread( email, localapp ):
                 continue
             
             elif utils.hash.pbkdf2( email ).verify( user[ "email" ] ):
+                # Check outdated email hash
+                _, _, salt, iterations, _ = user[ "email" ].split( "$" )
+                iterations = int( iterations )
+                
+                if iterations != config.EMAIL_NB_ITERATIONS or len( salt ) != config.EMAIL_SALT_LENGTH:
+                    new_email_hash = utils.hash.pbkdf2(
+                        email,
+                        utils.rand.random_data( config.EMAIL_SALT_LENGTH ),
+                        config.EMAIL_NB_ITERATIONS
+                    ).hash()
+                    
+                    config.db.query( "UPDATE users SET email = %s WHERE id = %s", ( new_email_hash, user[ "id" ] ) )
+                    config.db.commit()
+                
+                ####################################################################
+                
                 user_id = hashlib.sha512( utils.rand.random_data( 100 ) ).hexdigest()
                 
                 ####################################################################

views/login/templates/login/login.html

@@ -364,7 +364,7 @@
         
         /* Get the version of ICNML */
         $.ajax( {
-            url: "{{ url_for( 'adm.version' ) }}",
+            url: "{{ url_for( 'adm.route_version' ) }}",
             dataType: "json",
             method: "GET",
             success: function( data ){