Przeglądaj źródła

adding encryption to session id and email

Jose R Ortiz Ubarri 4 lat temu
rodzic
commit
9633172ba6
2 zmienionych plików z 19 dodań i 7 usunięć
  1. 18
    5
      authlib.py
  2. 1
    2
      registro-run.py

+ 18
- 5
authlib.py Wyświetl plik

@@ -1,5 +1,6 @@
1 1
 
2
-import hashlib, time
2
+import hashlib, time, json
3
+from cryptography.fernet import Fernet
3 4
 from connect import connection, engine, metadata
4 5
 import sqlalchemy as db
5 6
 
@@ -9,6 +10,15 @@ def hash_pass(password):
9 10
 class Auth:
10 11
     def __init__(self, session, expire=0):
11 12
         self.session = session
13
+        self.id = None
14
+        self.email = None
15
+        self.fernet = Fernet(b'3UH3USxvBcFITpnVa2gvTUIMO5jbc8jqU_Q1O6SNBLs=')
16
+
17
+        if session.get("id"):
18
+            value = json.loads(self.fernet.decrypt(session["id"]))
19
+            self.id = value["id"]
20
+            self.email = value["email"]
21
+        # Remember to always change
12 22
         self.expire=expire
13 23
 
14 24
     def checkAuth(self):
@@ -21,8 +31,11 @@ class Auth:
21 31
 
22 32
     def setAuth(self, id, email):
23 33
         self.session["gallitosccom"] = True
24
-        self.session["id"] = id
25
-        self.session["email"] = email
34
+        self.id = id
35
+        self.email = email
36
+        # self.session["id"] = id
37
+        # self.session["email"] = email
38
+        self.session["id"] = self.fernet(json.dumps({"id": id, "email": email}))
26 39
         if self.expire:
27 40
             self.session["tiempo"] = time.time()
28 41
 
@@ -30,7 +43,7 @@ class Auth:
30 43
         if self.session.get("gallitosccom"):
31 44
             self.session.pop("gallitosccom", None)
32 45
             self.session.pop("id", None)
33
-            self.session.pop("email", None)
46
+            # self.session.pop("email", None)
34 47
 
35 48
     def do_login(self, username, password):
36 49
         password = hash_pass(password)
@@ -62,7 +75,7 @@ class Auth:
62 75
         usuarios = db.Table('usuarios', metadata, autoload=True, autoload_with=engine)
63 76
         role = db.Table(table, metadata, autoload=True, autoload_with=engine)
64 77
         query = db.select([usuarios, role])
65
-        query = query.select_from(usuarios.join(role, usuarios.columns.id == role.columns.user_id)).where(role.columns.user_id == self.session["id"])
78
+        query = query.select_from(usuarios.join(role, usuarios.columns.id == role.columns.user_id)).where(role.columns.user_id == self.id)
66 79
         result = connection.execute(query).fetchone()
67 80
 
68 81
         if result:

+ 1
- 2
registro-run.py Wyświetl plik

@@ -6,8 +6,7 @@ from authlib import *
6 6
 
7 7
 app = Flask(__name__)
8 8
 
9
-secret = os.open("secret","r").read()
10
-print(secret)
9
+secret = open("secret","r").read()
11 10
 
12 11
 @app.route('/', methods=['GET', 'POST'])
13 12
 def index():