aboutsummaryrefslogtreecommitdiff
path: root/gn3/auth
diff options
context:
space:
mode:
Diffstat (limited to 'gn3/auth')
-rw-r--r--gn3/auth/authentication/users.py12
1 files changed, 9 insertions, 3 deletions
diff --git a/gn3/auth/authentication/users.py b/gn3/auth/authentication/users.py
index 54838a3..5ee148f 100644
--- a/gn3/auth/authentication/users.py
+++ b/gn3/auth/authentication/users.py
@@ -2,7 +2,8 @@
from uuid import UUID, uuid4
from typing import Any, Tuple, NamedTuple
-import bcrypt
+from argon2 import PasswordHasher
+from argon2.exceptions import VerifyMismatchError
from gn3.auth import db
from gn3.auth.authorisation.errors import NotFoundError
@@ -60,7 +61,11 @@ def valid_login(conn: db.DbConnection, user: User, password: str) -> bool:
if row is None:
return False
- return bcrypt.checkpw(password.encode("utf-8"), row["password"])
+ hasher = PasswordHasher() # TODO: Maybe tune the parameters here...
+ try:
+ return hasher.verify(row["password"], password)
+ except VerifyMismatchError as _vme:
+ return False
def save_user(cursor: db.DbCursor, email: str, name: str) -> User:
"""
@@ -79,7 +84,8 @@ def save_user(cursor: db.DbCursor, email: str, name: str) -> User:
def set_user_password(
cursor: db.DbCursor, user: User, password: str) -> Tuple[User, bytes]:
"""Set the given user's password in the database."""
- hashed_password = bcrypt.hashpw(password.encode("utf8"), bcrypt.gensalt())
+ hasher = PasswordHasher() # TODO: Maybe tune the parameters here...
+ hashed_password = hasher.hash(password)
cursor.execute(
("INSERT INTO user_credentials VALUES (:user_id, :hash) "
"ON CONFLICT (user_id) DO UPDATE SET password=:hash"),