Implementation of Password Security with bcrypt Hashing #105

Open
wants to merge 4 commits into
base: dev
10 changes: 6 additions & 4 deletions Database/userdatahandler.py
@@ -1,8 +1,7 @@
from datetime import datetime, timedelta
import re

import bcrypt
from flask import session

from Database import DatabaseConfig


Expand All @@ -12,12 +11,15 @@
# Create user in MongoDB
def create_user(firstname: str, lastname: str, email: str, username: str, password: str, accountcreatedtime: datetime):

# Hash the password before storing
salt = bcrypt.gensalt()
hashed_password = bcrypt.hashpw(password.encode('utf-8'), salt)
user_data = {
"first_name" : firstname,
"last_name" : lastname,
"mail_id" : email,
"username" : username,
"password" : password,
"password" : hashed_password,
"account_created_at" : accountcreatedtime,
"role" : "user"
}
Expand Down Expand Up @@ -56,7 +58,7 @@ def get_password_by_username(username: str):
if user:
return user.get("password")
else:
return "user not found!"
return None

# Get user by username from MongoDB
def get_user_by_username(username: str):
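Review bot: `create_user` now passes the raw `password` to `bcrypt.hashpw` with no length bound; bcrypt only consumes the first 72 bytes, and newer releases of the `bcrypt` package raise `ValueError` on longer input instead of truncating, so a long registration password is either silently weakened or becomes an unhandled error depending on the installed version. Reject it before hashing, e.g. `if len(password.encode('utf-8')) > 72: raise ValueError("password longer than 72 bytes")`, or enforce the same limit in the registration form. The function also deserves a docstring now that its contract changed, along the lines of `"""Insert a user document; `password` is stored as a bcrypt hash (bytes), never in plaintext."""`. `create_user`'s body continues below the hunk, and since `get_password_by_username` now returns `None` instead of the string `"user not found!"`, any other caller that compared against that string needs checking.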
23 changes: 17 additions & 6 deletions app.py
Expand Up @@ -18,6 +18,7 @@
from werkzeug.utils import secure_filename
import fitz
from PIL import Image
import bcrypt


from Database.admindatahandler import check_admin_available, create_admin, is_admin
Expand Down Expand Up @@ -109,12 +110,22 @@ def login():
username = request.form['username']
password = request.form['password']
stored_password = get_password_by_username(username)
if stored_password == password:
session['username'] = username # Store the username in session
flash('Login successful!', 'success')
return redirect(url_for("profile"))
else:
flash('Invalid credentials, please try again.', 'danger')

if stored_password:
# Check if stored password is hashed
if isinstance(stored_password, bytes) and stored_password.startswith(b'$2b$'):
# Handle hashed password
is_valid = bcrypt.checkpw(password.encode('utf-8'), stored_password)
else:
# For plain text password
is_valid = (stored_password == password)

if is_valid:
session['username'] = username
flash('Login successful!', 'success')
return redirect(url_for("profile"))

flash('Invalid credentials, please try again.', 'danger')
return render_template("login.html")

# Register a new user
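Review bot: The fallback `is_valid = (stored_password == password)` keeps every pre-existing account verifiable against its cleartext password indefinitely, and nothing in this PR writes a bcrypt hash back on a successful legacy login, so the database never converges to hashed-only and any plaintext value left in the collection remains a working credential after the merge. The guard `startswith(b'$2b$')` also rejects valid `$2a$`/`$2y$` hashes (they would silently fall through to the plaintext comparison), and `==` on that path is not constant-time. I would restructure the check as below (`hmac` needs importing at the top of app.py), then add the rehash-on-success step so the plaintext branch can be deleted once all rows are migrated; running a dummy `bcrypt.checkpw` on the unknown-user path would additionally stop response time from revealing whether a username exists. `login`'s `def` line and the form reads sit above the hunk.
```python
    stored_password = get_password_by_username(username)
    if isinstance(stored_password, str):
        stored_password = stored_password.encode('utf-8')

    is_valid = False
    if stored_password and stored_password.startswith((b'$2a$', b'$2b$', b'$2y$')):
        is_valid = bcrypt.checkpw(password.encode('utf-8'), stored_password)
    elif stored_password:
        # Transitional only: legacy plaintext row. Compare in constant time and
        # TODO: replace the stored value with bcrypt.hashpw(...) on success so
        # this branch can be removed once every row is migrated.
        is_valid = hmac.compare_digest(stored_password, password.encode('utf-8'))
    # … unchanged: session assignment, flash and redirect …
```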