diff --git a/change-password.py b/change-password.py
index 23b77dbed..06d652101 100644
--- a/change-password.py
+++ b/change-password.py
@@ -7,6 +7,7 @@ import getpass
 from Crypto.Cipher import AES
 from Crypto.Util import Counter
 import binascii
+import src.password_provider
 import src.my_scrypt
@@ -14,9 +15,7 @@ currentPassword = getpass.getpass(prompt="Enter current password: ")
 currentPasswordHash = binascii.hexlify(src.my_scrypt.getVerificationHash(currentPassword))
-config = src.config_provider.getConfig()
-
-if currentPasswordHash != config['Login']['passwordHash']:
+if currentPasswordHash != src.password_provider.getPasswordHash():
 print("Given password doesn't match hash")
 exit(-1)
@@ -32,6 +31,7 @@ if newPassword1 != newPassword2:
 newPasswordVerificationKey = binascii.hexlify(src.my_scrypt.getVerificationHash(newPassword1))
 newPasswordEncryptionKey = src.my_scrypt.getEncryptionHash(newPassword1)
+config = src.config_provider.getConfig()
 src.sql.connect(config['Document']['documentPath'])
 encryptedNotes = src.sql.getResults("select note_id, note_title, note_text from notes where encryption = 1")
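Review bot: The new `if currentPasswordHash != src.password_provider.getPasswordHash():` in the `-14,9` hunk compares the `bytes` that `binascii.hexlify` returns against the `str` that `getPasswordHash()` reads back with `readline()`; on Python 3 `bytes != str` is always true, so every current password would be rejected, and a trailing newline in password.txt would defeat the check even if the types matched. The removed line had the same bytes-vs-str shape against the config value, so this script may be running under Python 2 — worth confirming before merging. If it targets Python 3, normalise one side, e.g. `if currentPasswordHash.decode('ascii') != src.password_provider.getPasswordHash().strip():`, or have the provider strip and return a consistent type. The `print`/`exit(-1)` lines below are the only guard before the re-encryption loop further down the file, so a false mismatch here blocks the tool entirely.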
@@ -58,17 +58,16 @@ for note in encryptedNotes:
 reEncryptedTitle = encrypt(decryptedTitle)
 reEncryptedText = encrypt(decryptedText)
- print (reEncryptedTitle)
- print (reEncryptedText)
-
 src.sql.execute("update notes set note_title = ?, note_text = ? where note_id = ?", [reEncryptedTitle, reEncryptedText, note['note_id']])
- print("Note " + note['note_id'] + " reencrypted with new password")
+ print("Note " + note['note_id'] + " re-encrypted with new password")
-print("New password hash is: " + newPasswordVerificationKey)
-print("Set this value to passwordHash value in config.ini")
+src.password_provider.setPasswordHash(newPasswordVerificationKey)
+
+print("New password has been saved into password.txt")
 src.sql.commit()
-print("Changes committed. All encrypted notes were re-encrypted successfully with new password key.")
\ No newline at end of file
+print("Changes committed. All encrypted notes were re-encrypted successfully with new password key.")
+print("You can now start application and login with new password.")
\ No newline at end of file
diff --git a/config-sample.ini b/config-sample.ini
index 30e919f22..e0964a735 100644
--- a/config-sample.ini
+++ b/config-sample.ini
@@ -16,5 +16,3 @@ certKeyPath=cert.key
 [Login]
 # Enter below credentials with with which you want to authenticate to Notecase web app
 username=your_username
-# This is bcrypt password hash. You can use generate-password.py (in this directory) to hash your password
-passwordHash=$2b$12$FHT8keXp3BGTfzAV/VnrkuLpkwN8Vpj5iIh4RwCbHTNWYSBI9hGAK
diff --git a/generate-password.py b/generate-password.py
index 31ed2568c..ca8bb7a33 100644
--- a/generate-password.py
+++ b/generate-password.py
@@ -2,6 +2,8 @@ import getpass
 import src.my_scrypt
+import binascii
+import src.password_provider
 password1 = getpass.getpass()
 password2 = getpass.getpass(prompt='Repeat the same password:')
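Review bot: `src.password_provider.setPasswordHash(newPasswordVerificationKey)` runs before `src.sql.commit()`, so if the commit fails or the process is killed in between, password.txt already holds the new hash while the notes in the database are still encrypted under the old key — the user can then log in with neither password and the encrypted notes are unreadable. Persist the hash only once the database change is durable: move the `setPasswordHash(...)` call and the "saved into password.txt" print below `src.sql.commit()`. Separately, `newPasswordVerificationKey` is the `bytes` value from `binascii.hexlify`, and `setPasswordHash` opens password.txt in text mode, which raises `TypeError` on Python 3 — pass `newPasswordVerificationKey.decode('ascii')` unless this script is deliberately Python 2 only. The `for note in encryptedNotes:` loop this hunk edits begins outside the hunk.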
@@ -9,7 +11,8 @@ password2 = getpass.getpass(prompt='Repeat the same password:')
 if password1 == password2:
 hash = src.my_scrypt.getVerificationHash(password1)
- print('Generated password hash:')
- print(hash)
+ src.password_provider.setPasswordHash(binascii.hexlify(hash))
+
+ print('Password has been generated and saved into password.txt. You can now login.')
 else:
 print('Entered passwords are not identical!')
\ No newline at end of file
diff --git a/src/app.py b/src/app.py
index 3c440ce98..8ff1729c1 100644
--- a/src/app.py
+++ b/src/app.py
@@ -13,6 +13,7 @@ from notes_move_api import notes_move_api
 from password_api import password_api
 import config_provider
 import my_scrypt
+import password_provider
 config = config_provider.getConfig()
@@ -53,21 +54,21 @@ documentPath = config['Document']['documentPath']
 connect(documentPath)
-hashedPassword = config['Login']['passwordHash'].encode('utf-8')
+hashedPassword = password_provider.getPasswordHash()
 def verify_password(hex_hashed_password, guessed_password):
 hashed_password = binascii.unhexlify(hex_hashed_password)
- hashed = my_scrypt.getVerificationHash(guessed_password)
+ guess_hashed = my_scrypt.getVerificationHash(guessed_password)
- return hashed == hashed_password
+ return guess_hashed == hashed_password
 @app.route('/login', methods=['POST'])
 def login_post():
- inputPassword = request.form['password'].encode('utf-8')
+ guessedPassword = request.form['password'].encode('utf-8')
- if request.form['username'] == user.id and verify_password(hashedPassword, inputPassword):
+ if request.form['username'] == user.id and verify_password(hashedPassword, guessedPassword):
 rememberMe = True if 'remember-me' in request.form else False
 login_user(user, remember=rememberMe)
diff --git a/src/password_api.py b/src/password_api.py
index ce93fcaa9..83cb8ea7b 100644
--- a/src/password_api.py
+++ b/src/password_api.py
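Review bot: `src.password_provider.setPasswordHash(binascii.hexlify(hash))` silently overwrites any existing password.txt; because change-password.py derives the note-encryption key from the same password (`getEncryptionHash`), re-running this script once encrypted notes exist replaces the login hash without re-encrypting them and locks the user out of those notes — the old script only printed the hash, so this is a new failure mode. Refuse to overwrite without an explicit confirmation, e.g. `if os.path.exists('password.txt') and input('password.txt exists; overwrite? [y/N] ') != 'y': exit(1)` before the write (with `import os`), and point users who already have notes at change-password.py. `binascii.hexlify` returns `bytes`, which the text-mode write in `setPasswordHash` rejects on Python 3 — pass `binascii.hexlify(hash).decode('ascii')` unless the provider is changed to accept both. `hash` also shadows the builtin; `verificationHash` would read better.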
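Review bot: `return guess_hashed == hashed_password` in `verify_password` still compares the two scrypt outputs with `==`, which stops at the first differing byte; since this is the login path fed by `request.form['password']`, use `hmac.compare_digest(guess_hashed, hashed_password)` (with `import hmac`). `hashedPassword = password_provider.getPasswordHash()` is evaluated once at import, so a hash changed by change-password.py is not seen until the process restarts — the script's "you can now start application" message covers that, but `password_api.py` in this same commit re-reads the file per request, so the two code paths can disagree; reading the hash inside `login_post` (or through one shared cached loader) would keep them consistent. A missing password.txt now fails at import with `FileNotFoundError`, and a trailing newline in the file fails in `binascii.unhexlify`, neither with a message that points at generate-password.py; stripping in the provider plus a startup check would make both failures clear. The module-level code around this hunk continues outside it.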
@@ -2,7 +2,7 @@ from flask import Blueprint, jsonify, request
 from flask_login import login_required
 import hashlib
 import binascii
-import config_provider
+import password_provider
 password_api = Blueprint('password_api', __name__)
@@ -11,9 +11,7 @@ password_api = Blueprint('password_api', __name__)
 def verifyPassword():
 req = request.get_json(force=True)
- config = config_provider.getConfig()
-
- hashedPassword = config['Login']['passwordHash'].encode('utf-8')
+ hashedPassword = password_provider.getPasswordHash()
 hashedPasswordBytes = binascii.unhexlify(hashedPassword)
 hashedPasswordSha = hashlib.sha256(hashedPasswordBytes).hexdigest()
diff --git a/src/password_provider.py b/src/password_provider.py
new file mode 100644
index 000000000..65aff814d
--- /dev/null
+++ b/src/password_provider.py
@@ -0,0 +1,7 @@
+def getPasswordHash():
+ with open('password.txt') as file:
+ return file.readline()
+
+def setPasswordHash(newPasswordHash):
+ with open('password.txt', 'w') as file:
+ file.write(newPasswordHash)
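Review bot: `hashedPassword = password_provider.getPasswordHash()` hands whatever `readline()` returned straight to `binascii.unhexlify`, so a trailing newline or CRLF in password.txt (easy to introduce by hand-editing) turns every call to this endpoint into an unhandled `binascii.Error` rather than a clean failure; strip before use, `hashedPassword = password_provider.getPasswordHash().strip()`, or strip inside the provider. Unlike `app.py`, which reads the hash once at import, this endpoint re-reads the file on every request, so the two can disagree until the app restarts — the commit should settle on one loading strategy for both. `verifyPassword` continues outside the hunk, so what the SHA-256 of the stored hash is compared against is not visible here.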
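Review bot: `setPasswordHash` creates password.txt with `open(..., 'w')` and therefore the process umask (commonly 0644), leaving the scrypt verification hash readable by every local user and available for offline guessing; it also truncates before writing, so a crash mid-write leaves an empty file that locks the user out, and `getPasswordHash` returns any trailing newline to callers that `unhexlify` it. Create the file with `tempfile.mkstemp` in the target directory (which yields mode 0600), write, then `os.replace` it into place so the swap is atomic, and strip on read; the rewrite below (needs `import os` and `import tempfile` at the top of the module) also accepts the `bytes` that `binascii.hexlify` returns, which both callers in this commit pass and a text-mode write would otherwise reject on Python 3. `'password.txt'` is resolved against the working directory, so the CLI scripts and the Flask app only agree on the file when launched from the same directory — consider anchoring it to `os.path.dirname(__file__)` or to wherever `config_provider` finds config.ini, and make sure password.txt is git-ignored (not visible in this diff).
```python
PASSWORD_FILE = 'password.txt'


def getPasswordHash():
    """Return the stored hex verification hash, with surrounding whitespace removed."""
    with open(PASSWORD_FILE) as file:
        return file.readline().strip()


def setPasswordHash(newPasswordHash):
    """Atomically replace the stored hash; the file is created owner-read/write only."""
    if isinstance(newPasswordHash, bytes):
        newPasswordHash = newPasswordHash.decode('ascii')
    directory = os.path.dirname(os.path.abspath(PASSWORD_FILE))
    fd, tmpPath = tempfile.mkstemp(dir=directory, prefix='.password.', suffix='.tmp')
    try:
        with os.fdopen(fd, 'w') as file:
            file.write(newPasswordHash)
        os.replace(tmpPath, PASSWORD_FILE)  # atomic on POSIX; old file is never half-written
    except BaseException:
        os.unlink(tmpPath)
        raise
```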