| author | Steve Piercy <web@stevepiercy.com> | 2016-07-21 17:15:40 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-07-21 17:15:40 -0700 |
| commit | 707a464da4264a3de48a160ae52065fa683e35c1 (patch) | |
| tree | 3927261bdfdabdd0cdf52bde812efb620f6724f7 /docs/quick_tutorial/authorization | |
| parent | 4841c104e5c717809bf7620ea653e5856595c845 (diff) | |
| parent | f197dd79dd40d70cae9ee1f9d3ee25e86fbc989d (diff) | |
| download | pyramid-707a464da4264a3de48a160ae52065fa683e35c1.tar.gz pyramid-707a464da4264a3de48a160ae52065fa683e35c1.tar.bz2 pyramid-707a464da4264a3de48a160ae52065fa683e35c1.zip | |
Merge pull request #2716 from keitheis/quick_tutorial_hashpw_bcrypt
Add one-way password hash to security example in Quick Tutorial.
Diffstat (limited to 'docs/quick_tutorial/authorization')
| -rw-r--r-- | docs/quick_tutorial/authorization/setup.py | 3 | ||||
| -rw-r--r-- | docs/quick_tutorial/authorization/tutorial/security.py | 16 | ||||
| -rw-r--r-- | docs/quick_tutorial/authorization/tutorial/views.py | 7 |
3 files changed, 21 insertions, 5 deletions
diff --git a/docs/quick_tutorial/authorization/setup.py b/docs/quick_tutorial/authorization/setup.py
index 2221b72e9..7a6ff4226 100644
--- a/docs/quick_tutorial/authorization/setup.py
+++ b/docs/quick_tutorial/authorization/setup.py
@@ -2,7 +2,8 @@ from setuptools import setup
 requires = [ 'pyramid',
- 'pyramid_chameleon'
+ 'pyramid_chameleon',
+ 'bcrypt'
 ]
 setup(name='tutorial',
diff --git a/docs/quick_tutorial/authorization/tutorial/security.py b/docs/quick_tutorial/authorization/tutorial/security.py
index ab90bab2c..e585e2642 100644
--- a/docs/quick_tutorial/authorization/tutorial/security.py
+++ b/docs/quick_tutorial/authorization/tutorial/security.py
@@ -1,5 +1,17 @@
-USERS = {'editor': 'editor',
- 'viewer': 'viewer'}
+import bcrypt
+
+
+def hash_password(pw):
+ pwhash = bcrypt.hashpw(pw.encode('utf8'), bcrypt.gensalt())
+ return pwhash.decode('utf8')
+
+def check_password(pw, hashed_pw):
+ expected_hash = hashed_pw.encode('utf8')
+ return bcrypt.checkpw(pw.encode('utf8'), expected_hash)
+
+
+USERS = {'editor': hash_password('editor'),
+ 'viewer': hash_password('viewer')}
 GROUPS = {'editor': ['group:editors']}
diff --git a/docs/quick_tutorial/authorization/tutorial/views.py b/docs/quick_tutorial/authorization/tutorial/views.py
index 43d14455a..b2dc905c0 100644
--- a/docs/quick_tutorial/authorization/tutorial/views.py
+++ b/docs/quick_tutorial/authorization/tutorial/views.py
@@ -10,7 +10,10 @@ from pyramid.view import ( forbidden_view_config )
-from .security import USERS
+from .security import (
+ USERS,
+ check_password
+)
 @view_defaults(renderer='home.pt')
@@ -42,7 +45,7 @@ class TutorialViews:
 if 'form.submitted' in request.params:
 login = request.params['login']
 password = request.params['password']
- if USERS.get(login) == password:
+ if check_password(password, USERS.get(login)):
 headers = remember(request, login)
 return HTTPFound(location=came_from, headers=headers) |
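Review bot: `check_password` in security.py calls `hashed_pw.encode('utf8')` unconditionally, and the new call site in the last views.py hunk, `check_password(password, USERS.get(login))`, passes `None` whenever the submitted login is not a key of `USERS`, so an unknown username raises `AttributeError` instead of being treated as a failed login. Besides the server error, the differing response lets a client tell unknown usernames from wrong passwords. Guard it in one place, for example `if hashed_pw is None: return False` as the first line of `check_password`, or `hashed_pw = USERS.get(login)` followed by `if hashed_pw and check_password(password, hashed_pw):` in the view, whose body starts outside that hunk. A short docstring on `hash_password` would also help tutorial readers: bcrypt only uses the first 72 bytes of the password, and depending on the library release longer input is truncated or rejected.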
