From b8b15ba0880272b9b6c316d55def1bfa6d20398c Mon Sep 17 00:00:00 2001
From: "Armandas Barkauskas (barkausa)"
Date: Tue, 26 Oct 2021 19:12:38 +0300
Subject: [PATCH 1/2] Typo fix
---
 .gitignore | 3 ++-
 app/app.py | 6 +-----
 2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/.gitignore b/.gitignore
index e4e5f6c..1054fbd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-*~
\ No newline at end of file
+*~
+app/__pycache__
\ No newline at end of file
diff --git a/app/app.py b/app/app.py
index 2df8db2..3c181a1 100644
--- a/app/app.py
+++ b/app/app.py
@@ -48,19 +48,15 @@ def index(): return flask.render_template("index.html", bookList = bookQry) - @app.route("/about") def about(): return flask.render_template("about.html") - - @app.route("/login", methods=["GET", "POST"]) def login(): - prev = flask.request.args.get("prev") if not prev: - prev == "index" + prev = "index" if flask.request.method == "POST": #Get data
From 611c3d62be497f555f866f90e8cceb2090d8da06 Mon Sep 17 00:00:00 2001
From: "Callum Byrne (byrnec5)"
Date: Wed, 27 Oct 2021 09:12:45 +0100
Subject: [PATCH 2/2] Add hashing to updateUser() for password changing
---
 app/app.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/app/app.py b/app/app.py
index 3c181a1..705ac08 100644
--- a/app/app.py
+++ b/app/app.py
@@ -220,10 +220,12 @@ def updateUser(userId):
 if flask.request.method == "POST":
 logging.warning("------------------------")
 current = flask.request.form.get("current")
+ hashedCurrent = hashlib.sha512(current.encode()).hexdigest()
 password = flask.request.form.get("password")
+ hashedPw = hashlib.sha512(password.encode()).hexdigest()
 if current:
- if current == thisUser.password:
- thisUser.password = password
+ if hashedCurrent == thisUser.password:
+ thisUser.password = hashedPw
 db.session.commit()
 else:
 flask.flash("Current Password is incorrect")
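Review bot: In the first app/app.py hunk (`@@ -48,19 +48,15 @@`), `prev` is read straight from the query string and the only handling visible is the empty-value default that this commit repairs, so the rest of `login()` receives a caller-chosen value. If it is later handed to `flask.url_for` or `flask.redirect` (not visible in this hunk), it should first be checked against a fixed set of endpoint names, e.g. `if prev not in ALLOWED_ENDPOINTS: prev = "index"`, where `ALLOWED_ENDPOINTS` is a placeholder for a set this file would have to define. login()'s body continues past the end of the hunk.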
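Review bot: In the updateUser hunk (`@@ -220,10 +220,12 @@`), both `.encode()` calls run before the `if current:` guard, so a POST that omits `current` or `password` makes `flask.request.form.get` return None and the handler raises AttributeError instead of reaching the flash message; the hashing belongs inside the guard and `password` needs its own emptiness check. A single unsalted SHA-512 is also a fast digest, which leaves stored passwords cheap to guess offline if the table ever leaks, and `==` on the hex digests is not a constant-time comparison. `generate_password_hash` / `check_password_hash` from `werkzeug.security` (Werkzeug ships with Flask) cover salting, a slow KDF and the comparison, but the login and registration paths outside this hunk would have to change with it and existing hashes be migrated. The sketch assumes the `else:` pairs with the inner comparison, since the page has lost the indentation; updateUser's body starts and ends outside the hunk.

```python
        # … unchanged: logging.warning call; current and password read from the form (the two hashlib.sha512 lines are dropped) …
        if current:
            if not password:
                flask.flash("New password is required")
            elif check_password_hash(thisUser.password, current):
                thisUser.password = generate_password_hash(password)
                # … unchanged: db.session.commit() and the "Current Password is incorrect" branch …
```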