
Implementation of Password Security with bcrypt Hashing #105

Open
wants to merge 4 commits into base: dev

Conversation

01bps (Contributor) commented Feb 28, 2025

What:

This PR introduces the use of bcrypt for secure password hashing in the authentication system. It replaces plain-text password verification with bcrypt checks, ensuring that passwords are stored and verified securely.

Why:

Previously, passwords were stored in plain text, posing security risks.
This implementation strengthens authentication by:

  • Ensuring passwords are hashed before storage.
  • Using unique salts for each password to increase security and prevent hash collisions.
  • Verifying passwords securely with bcrypt.

How:

  • Introduced bcrypt in userdatahandler.py to hash passwords before storing them.
  • Updated the create_user() function to hash passwords before saving.
  • Modified the get_password_by_username() function to return the hashed password.
  • Ensured the login authentication checks both hashed and plain-text passwords, allowing seamless transition for users with older accounts.

Key Changes:

  • Added bcrypt import to handle password hashing.
  • Updated create_user() to hash the password before storing it.
  • Modified get_password_by_username() to return the hashed password.
  • Updated the login route to verify passwords securely using bcrypt.checkpw().

Previously:

[image]

Now, the password of new users will be stored as:

[image]

Checklist:

- Added bcrypt import to handle password hashing.
- Updated create_user() to hash the password before storing it.
- Modified get_password_by_username() to return the hashed password.

Signed-off-by: Bagwan <[email protected]>
- Maintain backward compatibility for existing plain-text passwords
- Update login verification to handle both hashed and legacy passwords

Signed-off-by: Bagwan <[email protected]>
01bps (Contributor, Author) commented Feb 28, 2025

I’ve made sure that the login authentication checks both hashed and plain-text passwords, ensuring a smooth transition for users with older accounts.
If necessary, we can remove this before deployment to fully transition to using only hashed passwords.

@pradeeban This PR is ready for review.
