password is moved out of config file into separate generated file

2025-06-06 18:08:33 +02:00 · 2017-09-09 14:21:57 -04:00 · 2017-09-09 14:21:57 -04:00 · c06c837904
commit c06c837904
parent 22749f252b
6 changed files with 29 additions and 23 deletions
--- a/change-password.py
+++ b/change-password.py
@ -7,6 +7,7 @@ import getpass
 from Crypto.Cipher import AES
 from Crypto.Util import Counter
 import binascii
+import src.password_provider

 import src.my_scrypt

@ -14,9 +15,7 @@ currentPassword = getpass.getpass(prompt="Enter current password: ")

 currentPasswordHash = binascii.hexlify(src.my_scrypt.getVerificationHash(currentPassword))

-config = src.config_provider.getConfig()
-
-if currentPasswordHash != config['Login']['passwordHash']:
+if currentPasswordHash != src.password_provider.getPasswordHash():
    print("Given password doesn't match hash")
    exit(-1)

@ -32,6 +31,7 @@ if newPassword1 != newPassword2:
 newPasswordVerificationKey = binascii.hexlify(src.my_scrypt.getVerificationHash(newPassword1))
 newPasswordEncryptionKey = src.my_scrypt.getEncryptionHash(newPassword1)

+config = src.config_provider.getConfig()
 src.sql.connect(config['Document']['documentPath'])

 encryptedNotes = src.sql.getResults("select note_id, note_title, note_text from notes where encryption = 1")
@ -58,17 +58,16 @@ for note in encryptedNotes:
    reEncryptedTitle = encrypt(decryptedTitle)
    reEncryptedText = encrypt(decryptedText)

-    print (reEncryptedTitle)
-    print (reEncryptedText)
-
    src.sql.execute("update notes set note_title = ?, note_text = ? where note_id = ?",
                    [reEncryptedTitle, reEncryptedText, note['note_id']])

-    print("Note " + note['note_id'] + " reencrypted with new password")
+    print("Note " + note['note_id'] + " re-encrypted with new password")

-print("New password hash is: " + newPasswordVerificationKey)
-print("Set this value to passwordHash value in config.ini")
+src.password_provider.setPasswordHash(newPasswordVerificationKey)
+
+print("New password has been saved into password.txt")

 src.sql.commit()

-print("Changes committed. All encrypted notes were re-encrypted successfully with new password key.")
+print("Changes committed. All encrypted notes were re-encrypted successfully with new password key.")
+print("You can now start application and login with new password.")
--- a/config-sample.ini
+++ b/config-sample.ini
@ -16,5 +16,3 @@ certKeyPath=cert.key
 [Login]
 # Enter below credentials with with which you want to authenticate to Notecase web app
 username=your_username
-# This is bcrypt password hash. You can use generate-password.py (in this directory) to hash your password
-passwordHash=$2b$12$FHT8keXp3BGTfzAV/VnrkuLpkwN8Vpj5iIh4RwCbHTNWYSBI9hGAK
--- a/generate-password.py
+++ b/generate-password.py
@ -2,6 +2,8 @@

 import getpass
 import src.my_scrypt
+import binascii
+import src.password_provider

 password1 = getpass.getpass()
 password2 = getpass.getpass(prompt='Repeat the same password:')
@ -9,7 +11,8 @@ password2 = getpass.getpass(prompt='Repeat the same password:')
 if password1 == password2:
    hash = src.my_scrypt.getVerificationHash(password1)

-    print('Generated password hash:')
-    print(hash)
+    src.password_provider.setPasswordHash(binascii.hexlify(hash))
+
+    print('Password has been generated and saved into password.txt. You can now login.')
 else:
    print('Entered passwords are not identical!')
--- a/src/app.py
+++ b/src/app.py
@ -13,6 +13,7 @@ from notes_move_api import notes_move_api
 from password_api import password_api
 import config_provider
 import my_scrypt
+import password_provider

 config = config_provider.getConfig()

@ -53,21 +54,21 @@ documentPath = config['Document']['documentPath']

 connect(documentPath)

-hashedPassword = config['Login']['passwordHash'].encode('utf-8')
+hashedPassword = password_provider.getPasswordHash()


 def verify_password(hex_hashed_password, guessed_password):
    hashed_password = binascii.unhexlify(hex_hashed_password)

-    hashed = my_scrypt.getVerificationHash(guessed_password)
+    guess_hashed = my_scrypt.getVerificationHash(guessed_password)

-    return hashed == hashed_password
+    return guess_hashed == hashed_password

@app.route('/login', methods=['POST'])
 def login_post():
-    inputPassword = request.form['password'].encode('utf-8')
+    guessedPassword = request.form['password'].encode('utf-8')

-    if request.form['username'] == user.id and verify_password(hashedPassword, inputPassword):
+    if request.form['username'] == user.id and verify_password(hashedPassword, guessedPassword):
        rememberMe = True if 'remember-me' in request.form else False

        login_user(user, remember=rememberMe)
--- a/src/password_api.py
+++ b/src/password_api.py
@ -2,7 +2,7 @@ from flask import Blueprint, jsonify, request
 from flask_login import login_required
 import hashlib
 import binascii
-import config_provider
+import password_provider

 password_api = Blueprint('password_api', __name__)

@ -11,9 +11,7 @@ password_api = Blueprint('password_api', __name__)
 def verifyPassword():
    req = request.get_json(force=True)

-    config = config_provider.getConfig()
-
-    hashedPassword = config['Login']['passwordHash'].encode('utf-8')
+    hashedPassword = password_provider.getPasswordHash()
    hashedPasswordBytes = binascii.unhexlify(hashedPassword)
    hashedPasswordSha = hashlib.sha256(hashedPasswordBytes).hexdigest()

--- a/src/password_provider.py
+++ b/src/password_provider.py
@ -0,0 +1,7 @@
+def getPasswordHash():
+    with open('password.txt') as file:
+        return file.readline()
+
+def setPasswordHash(newPasswordHash):
+    with open('password.txt', 'w') as file:
+        file.write(newPasswordHash)