From 611c3d62be497f555f866f90e8cceb2090d8da06 Mon Sep 17 00:00:00 2001
From: "Callum Byrne (byrnec5)"
Date: Wed, 27 Oct 2021 09:12:45 +0100
Subject: [PATCH] Add hashing to updateUser() for password changing
---
 app/app.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/app/app.py b/app/app.py
index 3c181a1..705ac08 100644
--- a/app/app.py
+++ b/app/app.py
@@ -220,10 +220,12 @@ def updateUser(userId):
 if flask.request.method == "POST":
 logging.warning("------------------------")
 current = flask.request.form.get("current")
+ hashedCurrent = hashlib.sha512(current.encode()).hexdigest()
 password = flask.request.form.get("password")
+ hashedPw = hashlib.sha512(password.encode()).hexdigest()
 if current:
- if current == thisUser.password:
- thisUser.password = password
+ if hashedCurrent == thisUser.password:
+ thisUser.password = hashedPw
 db.session.commit()
 else:
 flask.flash("Current Password is incorrect")
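Review bot: The added `hashedCurrent` and `hashedPw` lines use `hashlib.sha512(...).hexdigest()`, a single unsalted pass of a fast hash, so equal passwords store equal digests and a leaked table is cheap to attack offline. A salted, deliberately slow password hash fits here, e.g. `werkzeug.security.generate_password_hash(password)` for storing and `check_password_hash(thisUser.password, current)` for the check, which also replaces the non-constant-time `==`. That switch must be made together with whatever else writes or verifies `thisUser.password` (registration and login are presumably elsewhere in app.py, outside this hunk), and digests already stored as SHA-512 would need a migration path. Separately, both `.encode()` calls run before the `if current:` guard, so a POST that omits either form field makes `form.get()` return `None` and raises `AttributeError`; the hashing should move inside the guard, and `password` should be checked for presence as well. The body of `updateUser` starts and ends outside the hunk.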