Home Explore Help
Sign In
221V
/
flaskbb
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #53 from Oloty/master

PBKDF2 => scrypt; fixed postbit bug
sh4nks 10 years ago
parent
b8e2bc7022 89e4f78f15
commit
ce873cda6a
4 changed files with 15 additions and 7 deletions
Split View Show Diff Stats
  1. 1 1
      flaskbb/forum/views.py
  2. 1 1
      flaskbb/templates/forum/topic.html
  3. 12 5
      flaskbb/user/models.py
  4. 1 0
      requirements.txt

+ 1 - 1
flaskbb/forum/views.py
View File 

@@ -188,7 +188,7 @@ def lock_topic(topic_id, slug=None):
 
     # TODO: Bulk lock
 
 
     if not can_moderate(user=current_user, forum=topic.forum):
 
-        flash("Yo do not have the permissions to lock this topic", "danger")
 
+        flash("You do not have the permissions to lock this topic", "danger")
 
         return redirect(topic.url)
 
 
     topic.locked = True

+ 1 - 1
flaskbb/templates/forum/topic.html
View File 

@@ -149,7 +149,7 @@
 
                     <a href="{{ url_for('user.new_message') }}?to_user={{ post.user.username }}">PM</a>
 
                     {% endif %}
 
                     {% if post.user.website %}
 
-                    | <a href="{{post.user.website}}">Website</a>
 
+                    {% if current_user.is_authenticated() %}| {% endif %}<a href="{{post.user.website}}">Website</a>
 
                     {% endif %}
 
                 </span>

+ 12 - 5
flaskbb/user/models.py
View File 

@@ -13,7 +13,7 @@ from datetime import datetime
 
 
 from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
 
 from itsdangerous import SignatureExpired
 
-from werkzeug import generate_password_hash, check_password_hash
 
+from flask.ext.scrypt import generate_random_salt, generate_password_hash, check_password_hash
 
 from flask import current_app, url_for
 
 from flask.ext.login import UserMixin, AnonymousUserMixin
 
 from flaskbb.extensions import db, cache
 
@@ -80,7 +80,8 @@ class User(db.Model, UserMixin):
 
     id = db.Column(db.Integer, primary_key=True)
 
     username = db.Column(db.String(200), unique=True, nullable=False)
 
     email = db.Column(db.String(200), unique=True, nullable=False)
 
-    _password = db.Column('password', db.String(120), nullable=False)
 
+    _password = db.Column('password', db.String(88), nullable=False)
 
+    salt = db.Column(db.String(172), nullable=False)
 
     date_joined = db.Column(db.DateTime, default=datetime.utcnow())
 
     lastseen = db.Column(db.DateTime, default=datetime.utcnow())
 
     birthday = db.Column(db.DateTime)
 
@@ -166,15 +167,21 @@ class User(db.Model, UserMixin):
 
         """
 
         return "<{} {}>".format(self.__class__.__name__, self.username)
 
 
+    def _get_salt(self):
 
+        return self.salt
 
+
 
+    def _set_salt(self):
 
+        self.salt = generate_random_salt(128) #128-bit salt
 
+
 
     def _get_password(self):
 
         """Returns the hashed password"""
 
         return self._password
 
 
     def _set_password(self, password):
 
         """Generates a password hash for the provided password"""
 
-        self._password = generate_password_hash(password)
 
+        self._set_salt()
 
+        self._password = generate_password_hash(password, self._get_salt())
 
 
-    # Hide password encryption by exposing password field only.
 
     password = db.synonym('_password',
 
                           descriptor=property(_get_password,
 
                                               _set_password))
 
@@ -184,7 +191,7 @@ class User(db.Model, UserMixin):
 
 
         if self.password is None:
 
             return False
 
-        return check_password_hash(self.password, password)
 
+        return check_password_hash(password, self.password, self._get_salt())
 
 
     @classmethod
 
     def authenticate(cls, login, password):

+ 1 - 0
requirements.txt
View File 

@@ -8,6 +8,7 @@ Flask-Migrate==1.2.0
 
 Flask-Plugins==1.4
 
 Flask-SQLAlchemy==1.0
 
 Flask-Script==2.0.5
 
+Flask-Scrypt==0.1.3.6
 
 Flask-Themes2==0.1.3
 
 Flask-WTF==0.9.5
 
 Jinja2==2.7.2