Accidentally still using old password hashing in forgot password

Kevin Chung
2015-05-13 13:07:46 -04:00
parent 3a2323b0ae
commit 65ae712c68


@@ -30,7 +30,7 @@ def init_auth(app):
except BadTimeSignature: except BadTimeSignature:
return render_template('reset_password.html', errors=['Your link has expired']) return render_template('reset_password.html', errors=['Your link has expired'])
team = Teams.query.filter_by(name=name).first() team = Teams.query.filter_by(name=name).first()
team.password = sha512(request.form['password'].strip()) team.password = bcrypt_sha256.encrypt(request.form['password'].strip())
db.session.commit() db.session.commit()
db.session.close() db.session.close()
return redirect('/login') return redirect('/login')
@@ -107,7 +107,6 @@ Did you initiate a password reset?
if request.method == 'POST': if request.method == 'POST':
errors = [] errors = []
name = request.form['name'] name = request.form['name']
# team = Teams.query.filter_by(name=request.form['name'], password=sha512(request.form['password'])).first()
team = Teams.query.filter_by(name=name).first() team = Teams.query.filter_by(name=name).first()
if team and bcrypt_sha256.verify(request.form['password'], team.password): if team and bcrypt_sha256.verify(request.form['password'], team.password):
try: try:
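Review bot: The reset handler in the first hunk hashes `request.form['password'].strip()`, while the login check in the second hunk verifies the unstripped `request.form['password']`, so a password typed with leading or trailing whitespace at reset time will not verify at login. Pick one rule and apply it on both paths, for example `bcrypt_sha256.verify(request.form['password'].strip(), team.password)` if stripping is also what registration does (not visible here). In the same reset handler `Teams.query.filter_by(name=name).first()` can return `None` if the team was renamed or deleted after the link was issued, and `team.password = ...` then raises; an `if team is None:` branch that re-renders the form with an error would avoid that. Rows written by the old `sha512(...)` call before this fix presumably still hold SHA-512 digests, which the `bcrypt_sha256.verify` call at login will not accept, so those teams need a forced reset or a one-off migration. Both functions continue outside the hunks shown.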