Add pepper

d065c854 · Trevor Austin · 65c1fe82 · d065c854
Commit d065c854 authored Feb 17, 2021 by Trevor Austin
Showing with 4 additions and 3 deletions
week_6/examples/passwords/app.py
--- a/week_6/examples/passwords/app.py
+++ b/week_6/examples/passwords/app.py
@@ -14,6 +14,7 @@ config.read('secrets.cfg')
 DB_NAME = 'passwords'
 DB_USERNAME = config['secrets']['DB_USERNAME']
 DB_PASSWORD = config['secrets']['DB_PASSWORD']
+PEPPER = config['secrets']['PEPPER']

 @app.route('/')
 def index():
@@ -28,8 +29,8 @@ def signup ():
    print(body)

    username = body['username']
-    password = body['password'].encode('utf-8')
-    hashed = bcrypt.hashpw(password, bcrypt.gensalt())
+    password = body['password'] + PEPPER
+    hashed = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())

    connection = mysql.connector.connect(user=DB_USERNAME, database=DB_NAME, password=DB_PASSWORD)
    cursor = connection.cursor()
@@ -70,7 +71,7 @@ def login ():
        print(password)
        print(hashed)

-        if bcrypt.checkpw(password.encode('utf-8'), hashed.encode('utf-8')):
+        if bcrypt.checkpw((password+PEPPER).encode('utf-8'), hashed.encode('utf-8')):
            return {}
        return {}, 404
    except Exception as e: