From 820768c572e70d7e16cdd68e13bf4affd52a71b5 Mon Sep 17 00:00:00 2001
From: azivner
Date: Tue, 13 Jun 2017 22:21:31 -0400
Subject: [PATCH] login is now configured in the ini file instead of being hardcoded
---
 app.py | 23 ++++++++++++++++-------
 config.ini | 5 +++++
 generate-password.py | 18 ++++++++++++++++++
 3 files changed, 39 insertions(+), 7 deletions(-)
 create mode 100644 config.ini
 create mode 100644 generate-password.py
diff --git a/app.py b/app.py
index c0cf58e71..ac19741ce 100644
--- a/app.py
+++ b/app.py
@@ -8,6 +8,8 @@ import time
 import math
 import random
 import string
+import configparser
+import bcrypt
 from flask import render_template, redirect
@@ -45,15 +47,22 @@ def logout():
 logout_user()
 return redirect('login')
-userAdam = User()
-userAdam.id = 'adam'
+config = configparser.ConfigParser()
+config.read('config.ini')
+
+user = User()
+user.id = config['Login']['username']
+
+hashedPassword = config['Login']['password-hash'].encode('utf-8')
 @app.route('/login', methods=['POST'])
 def login_post():
- if request.form['username'] == 'adam' and request.form['password'] == 'pass':
- rememberMe = True if request.form['remember-me'] else False
+ inputPassword = request.form['password'].encode('utf-8')
- login_user(userAdam, remember=rememberMe)
+ if request.form['username'] == user.id and bcrypt.hashpw(inputPassword, hashedPassword) == hashedPassword:
+ rememberMe = True if 'remember-me' in request.form else False
+
+ login_user(user, remember=rememberMe)
 return redirect('app')
 else:
@@ -289,8 +298,8 @@ login_manager.login_view = 'login_form'
 @login_manager.user_loader
 def load_user(user_id):
- if user_id == 'adam':
- return userAdam
+ if user_id == user.id:
+ return user
 else:
 return None
diff --git a/config.ini b/config.ini
new file mode 100644
index 000000000..695f0a70b
--- /dev/null
+++ b/config.ini
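Review bot: The credential check in `login_post` compares the recomputed hash with `==`, which is not a constant-time comparison, and the `and` skips the bcrypt work when the username is wrong, so response time differs between a wrong username and a wrong password. Prefer `if bcrypt.checkpw(inputPassword, hashedPassword) and request.form['username'] == user.id:` so the hash is always computed and the comparison is done by the library. Separately, `config.read('config.ini')` silently ignores a missing file and resolves the path against the working directory, so a misplaced config surfaces only as a `KeyError` on `config['Login']` at import; an explicit check with a clear startup error would help. `login_post` continues past the end of this hunk.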
@@ -0,0 +1,5 @@
+[Login]
+# Enter below credentials with with which you want to authenticate to Notecase web app
+username=adam
+# This is bcrypt password hash. You can use generate-password.py (in this directory) to hash your password
+password-hash=$2b$12$jcbhRx6WRbCRogpCckH1hehWrHWgFaFYC3u3ebdVURJX36..fdAca
\ No newline at end of file
diff --git a/generate-password.py b/generate-password.py
new file mode 100644
index 000000000..f47468c96
--- /dev/null
+++ b/generate-password.py
@@ -0,0 +1,18 @@
+#!/usr/bin/python
+
+import bcrypt # pip install bcrypt
+import getpass
+
+password1 = getpass.getpass()
+
+print('Repeat the same password:')
+
+password2 = getpass.getpass()
+
+if password1 == password2:
+ salt = bcrypt.gensalt()
+
+ print('Generated hash:')
+ print(bcrypt.hashpw(password1, salt))
+else:
+ print('Entered passwords are not identical!')
\ No newline at end of file
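Review bot: The added `username=` and `password-hash=` lines commit a working credential to the repository, so every install that keeps the shipped file shares one login, and the hash is readable by anyone who can see the repo, which exposes it to offline guessing. Consider shipping this file as a template (for example a `config.ini.sample` with `password-hash=` left empty), keeping the real `config.ini` out of version control, and having the app refuse to start while the hash is missing. The comment above the hash could also state that the file should be readable only by the account that runs the app.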
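Review bot: `bcrypt.hashpw(password1, salt)` receives the `str` returned by `getpass.getpass()`, which the bcrypt package rejects when the script runs under Python 3 (the interpreter app.py needs for `configparser`), and printing the resulting `bytes` would emit a `b'...'` wrapper that does not belong in `config.ini`. Encode before hashing and decode before printing: `hashed = bcrypt.hashpw(password1.encode('utf-8'), salt)` followed by `print(hashed.decode('utf-8'))`. The script also accepts an empty password when both prompts are left blank; rejecting that before hashing would avoid generating a hash for a blank login.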