login is now configured in the ini file instead of being hardcoded

2025-06-06 18:08:33 +02:00 · 2017-06-13 22:21:31 -04:00 · 2017-06-13 22:21:31 -04:00 · 820768c572
commit 820768c572
parent 6efe28c283
3 changed files with 39 additions and 7 deletions
--- a/app.py
+++ b/app.py
@ -8,6 +8,8 @@ import time
 import math
 import random
 import string
+import configparser
+import bcrypt

 from flask import render_template, redirect

@ -45,15 +47,22 @@ def logout():
    logout_user()
    return redirect('login')

-userAdam = User()
-userAdam.id = 'adam'
+config = configparser.ConfigParser()
+config.read('config.ini')
+
+user = User()
+user.id = config['Login']['username']
+
+hashedPassword = config['Login']['password-hash'].encode('utf-8')

@app.route('/login', methods=['POST'])
 def login_post():
-    if request.form['username'] == 'adam' and request.form['password'] == 'pass':
-        rememberMe = True if request.form['remember-me'] else False
+    inputPassword = request.form['password'].encode('utf-8')

-        login_user(userAdam, remember=rememberMe)
+    if request.form['username'] == user.id and bcrypt.hashpw(inputPassword, hashedPassword) == hashedPassword:
+        rememberMe = True if 'remember-me' in request.form else False
+
+        login_user(user, remember=rememberMe)

        return redirect('app')
    else:
@ -289,8 +298,8 @@ login_manager.login_view = 'login_form'

@login_manager.user_loader
 def load_user(user_id):
-    if user_id == 'adam':
-        return userAdam
+    if user_id == user.id:
+        return user
    else:
        return None

--- a/config.ini
+++ b/config.ini
@ -0,0 +1,5 @@
+[Login]
+# Enter below credentials with with which you want to authenticate to Notecase web app
+username=adam
+# This is bcrypt password hash. You can use generate-password.py (in this directory) to hash your password
+password-hash=$2b$12$jcbhRx6WRbCRogpCckH1hehWrHWgFaFYC3u3ebdVURJX36..fdAca
--- a/generate-password.py
+++ b/generate-password.py
@ -0,0 +1,18 @@
+#!/usr/bin/python
+
+import bcrypt # pip install bcrypt
+import getpass
+
+password1 = getpass.getpass()
+
+print('Repeat the same password:')
+
+password2 = getpass.getpass()
+
+if password1 == password2:
+    salt = bcrypt.gensalt()
+
+    print('Generated hash:')
+    print(bcrypt.hashpw(password1, salt))
+else:
+    print('Entered passwords are not identical!')