From 782e0f7b9757b2d8e3fc1978a0f119de0e10f991 Mon Sep 17 00:00:00 2001
From: Julia Luna
Date: Sun, 6 Jun 2021 18:04:15 +0200
Subject: [PATCH] feat: store bcrypt encoded passwords

---
 requirements.txt | 1 +
 src/main.py | 9 ++++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index fce7224..8b02edc 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -8,3 +8,4 @@ python-ldap==3.3.1
 starlette==0.14.2
 typing-extensions==3.10.0.0
 uvicorn==0.13.4
+bcrypt==3.2.0
\ No newline at end of file
diff --git a/src/main.py b/src/main.py
index 47ff126..308fbec 100644
--- a/src/main.py
+++ b/src/main.py
@@ -1,3 +1,4 @@
+import bcrypt
 import ldap
 from fastapi import FastAPI, HTTPException, Response
 from pydantic import BaseModel
@@ -18,7 +19,8 @@ def change_password(rdn: str, update_request: PasswordUpdate):
 ldap_conn = _connect_ldap_simple_bind(LDAP_URI, f"{rdn},{LDAP_BASE_DN}", update_request.bind_pw)
 except ldap.INVALID_CREDENTIALS as e:
 raise HTTPException(status_code=401, detail=str(e))
- _update_ldap_userPassword(ldap_conn, f"{rdn},{LDAP_BASE_DN}", update_request.userPassword)
+ new_pass = _hash_password(update_request.userPassword)
+ _update_ldap_userPassword(ldap_conn, f"{rdn},{LDAP_BASE_DN}", new_pass)


 def _connect_ldap_simple_bind(server_uri: str, bind_dn: str, bind_pw: str):
@@ -31,3 +33,8 @@ def _connect_ldap_simple_bind(server_uri: str, bind_dn: str, bind_pw: str):
 def _update_ldap_userPassword(conn, dn: str, new_pass: str):
 changes = [( ldap.MOD_REPLACE, 'userPassword', bytes(str(new_pass), 'utf-8') )]
 result = conn.modify_ext_s(dn, changes)
+
+
+def _hash_password(pw: str):
+ hash_b = bcrypt.hashpw(pw.encode(), bcrypt.gensalt())
+ return '{BCRYPT}' + hash_b.decode()
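Review bot: The new `new_pass = _hash_password(update_request.userPassword)` line hands the cleartext to bcrypt with no length or quality check, and because the directory now receives only a hash it can no longer apply its own password policy to the cleartext — if the deployment relied on server-side `password-hash`/ppolicy enforcement, that check has silently moved into this service and is currently absent. If server-side hashing and policy are what is wanted, the RFC 3062 Password Modify extended operation, `ldap_conn.passwd_s(f"{rdn},{LDAP_BASE_DN}", None, update_request.userPassword)`, lets the server hash with its configured scheme instead of a client-chosen `{BCRYPT}` value. `change_password` begins before this hunk, so any added validation belongs at its top or as a constraint on the `PasswordUpdate` model.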
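Review bot: `_hash_password` passes `pw.encode()` straight to `bcrypt.hashpw`, which only consumes the first 72 bytes, so two passwords that differ after byte 72 hash to the same value and either will authenticate; reject (or at minimum document) longer inputs before hashing. The `{BCRYPT}` scheme prefix is also not understood by a stock OpenLDAP `userPassword` comparison — it presumably needs a bcrypt password-scheme module loaded on the server, otherwise binds with the newly stored value will fail — so that deployment requirement deserves a comment here. The function also lacks a docstring and a `-> str` return annotation. The rewrite below raises `ValueError` on over-long input; the caller in `change_password` (outside this hunk) should translate that to a 400 rather than let it surface as a 500.
```python
def _hash_password(pw: str) -> str:
    """Return *pw* bcrypt-hashed as an LDAP userPassword value, e.g. '{BCRYPT}$2b$12$...'.

    The '{BCRYPT}' scheme is not built into stock OpenLDAP; the server must have a
    bcrypt password-scheme module loaded for binds against this value to succeed.
    """
    pw_bytes = pw.encode()
    # bcrypt silently ignores everything after byte 72; refuse such input so two
    # different long passwords cannot collide on the stored hash.
    if len(pw_bytes) > 72:
        raise ValueError("password must not exceed 72 bytes")
    hash_b = bcrypt.hashpw(pw_bytes, bcrypt.gensalt())
    return '{BCRYPT}' + hash_b.decode()
```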