Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-07-28 02:22:26 +08:00
Code Issues Packages Projects Releases Wiki Activity
Notes/src/password_api.py

24 lines
679 B
Python
Raw Normal View History

verifying password with hash on the backend to make sure we don't decrypt garbage and also to make sure that everything is encrypted with same password/key
2017-09-05 21:22:16 -04:00
from flask import Blueprint, jsonify, request
from flask_login import login_required
import hashlib
import binascii
password change (reencryption)
2017-09-09 13:53:58 -04:00
import config_provider
verifying password with hash on the backend to make sure we don't decrypt garbage and also to make sure that everything is encrypted with same password/key
2017-09-05 21:22:16 -04:00
password_api = Blueprint('password_api', __name__)
@password_api.route('/password/verify', methods = ['POST'])
@login_required
def verifyPassword():
req = request.get_json(force=True)
password change (reencryption)
2017-09-09 13:53:58 -04:00
config = config_provider.getConfig()
verifying password with hash on the backend to make sure we don't decrypt garbage and also to make sure that everything is encrypted with same password/key
2017-09-05 21:22:16 -04:00
password change (reencryption)
2017-09-09 13:53:58 -04:00
hashedPassword = config['Login']['passwordHash'].encode('utf-8')
verifying password with hash on the backend to make sure we don't decrypt garbage and also to make sure that everything is encrypted with same password/key
2017-09-05 21:22:16 -04:00
hashedPasswordBytes = binascii.unhexlify(hashedPassword)
hashedPasswordSha = hashlib.sha256(hashedPasswordBytes).hexdigest()
isValid = req['password'] == hashedPasswordSha
return jsonify({
'valid': isValid
})
Reference in New Issue Copy Permalink