Notes/src/password_api.py

from flask import Blueprint, jsonify, request
from flask_login import login_required
import hashlib
import binascii
import sql

password_api = Blueprint('password_api', __name__)

@password_api.route('/password/verify', methods = ['POST'])
@login_required
def verifyPassword():
    req = request.get_json(force=True)

    hashedPassword = sql.getOption('password')
    hashedPasswordBytes = binascii.unhexlify(hashedPassword)
    hashedPasswordSha = hashlib.sha256(hashedPasswordBytes).hexdigest()

    isValid = req['password'] == hashedPasswordSha

    return jsonify({
        'valid': isValid
    })
verifying password with hash on the backend to make sure we don't decrypt garbage and also to make sure that everything is encrypted with same password/key 2017-09-05 21:22:16 -04:00			`from flask import Blueprint, jsonify, request`
			`from flask_login import login_required`
			`import hashlib`
			`import binascii`
username, password and flask_secret_key are now persisted in database 2017-09-12 21:06:09 -04:00			`import sql`
verifying password with hash on the backend to make sure we don't decrypt garbage and also to make sure that everything is encrypted with same password/key 2017-09-05 21:22:16 -04:00
			`password_api = Blueprint('password_api', __name__)`

			`@password_api.route('/password/verify', methods = ['POST'])`
			`@login_required`
			`def verifyPassword():`
			`req = request.get_json(force=True)`

username, password and flask_secret_key are now persisted in database 2017-09-12 21:06:09 -04:00			`hashedPassword = sql.getOption('password')`
verifying password with hash on the backend to make sure we don't decrypt garbage and also to make sure that everything is encrypted with same password/key 2017-09-05 21:22:16 -04:00			`hashedPasswordBytes = binascii.unhexlify(hashedPassword)`
			`hashedPasswordSha = hashlib.sha256(hashedPasswordBytes).hexdigest()`

			`isValid = req['password'] == hashedPasswordSha`

			`return jsonify({`
			`'valid': isValid`
			`})`