1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/ihatemoney_ynh.git synced 2024-09-03 19:26:15 +02:00

Implement a _hash_password helper that only requires standard python lib.

This commit is contained in:
Félix Piédallu 2023-09-05 21:14:47 +02:00 committed by Salamandar
parent fc087b14a6
commit 4093b18e9b
5 changed files with 21 additions and 25 deletions

View file

@ -1,5 +0,0 @@
#!/usr/bin/env python
import sys
from werkzeug.security import generate_password_hash
print(generate_password_hash(sys.argv[1]))

View file

@ -43,6 +43,23 @@ __ynh_python_venv_get_site_packages_dir() {
"$venv_dir/bin/python3" -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])'
}
# shellcheck disable=SC2016
HASH_PASSWORD_PYTHON='
import sys, hashlib, uuid
password = sys.argv[1].encode("utf-8")
salt_text = uuid.uuid4().hex
salt = salt_text.encode("utf-8")
pbkdf2_iterations = 600000
hash = hashlib.pbkdf2_hmac("sha256", password, salt, pbkdf2_iterations).hex()
print(f"pbkdf2:sha256:{pbkdf2_iterations}${salt_text}${hash}")
'
_hash_password() {
password=$1
python3 -c "$HASH_PASSWORD_PYTHON" "$password"
}
#=================================================
# EXPERIMENTAL HELPERS

View file

@ -32,7 +32,7 @@ ynh_change_url_nginx_config
#=================================================
# Setup ihatemoney.cfg
#=================================================
#REMOVEME?
path="$new_path"
domain="$new_domain"

View file

@ -41,15 +41,7 @@ ynh_script_progression --message="Adding a configuration file..."
secret_key=$(ynh_string_random --length=32)
ynh_app_setting_set --app=$app --key=secret_key --value=$secret_key
#run source in a 'sub shell'
(
set +o nounset
source "${install_dir}/venv/bin/activate"
set -o nounset
python3 ../conf/hash_generator.py $password > ${install_dir}/key.txt
)
hashed_password=$(cat "$install_dir/key.txt")
hashed_password=$(_hash_password "$password")
ynh_secure_remove --file="$install_dir/key.txt"
ynh_app_setting_set --app=$app --key=hashed_password --value=$hashed_password

View file

@ -76,17 +76,9 @@ if [ -z "${secret_key:-}" ]; then
fi
# If hashed_password doesn't exist, create it
if [ -z "${hashed_password:-}" ] && [ test -f "${install_dir}/venv/bin/activate" ]; then
if [ -z "${hashed_password:-}" ]; then
password=$(ynh_string_random --length=16)
#run source in a 'sub shell'
(
set +o nounset
source "${install_dir}/venv/bin/activate"
set -o nounset
python3 ../conf/hash_generator.py $password > ${install_dir}/key.txt
)
hashed_password=$(cat $install_dir/key.txt)
hashed_password=$(_hash_password "$password")
ynh_secure_remove --file="$install_dir/key.txt"
ynh_app_setting_set --app=$app --key=hashed_password --value=$hashed_password
fi