feat: store bcrypt encoded passwords

Julia 2021-06-06 18:04:15 +02:00
parent 3cde9f1078
commit 782e0f7b97
Signed by untrusted user: julia
GPG Key ID: 6A0C04FA9A7D7582
2 changed files with 9 additions and 1 deletions


@ -8,3 +8,4 @@ python-ldap==3.3.1
starlette==0.14.2 starlette==0.14.2
typing-extensions==3.10.0.0 typing-extensions==3.10.0.0
uvicorn==0.13.4 uvicorn==0.13.4
bcrypt==3.2.0


@ -1,3 +1,4 @@
import bcrypt
import ldap import ldap
from fastapi import FastAPI, HTTPException, Response from fastapi import FastAPI, HTTPException, Response
from pydantic import BaseModel from pydantic import BaseModel
@ -18,7 +19,8 @@ def change_password(rdn: str, update_request: PasswordUpdate):
ldap_conn = _connect_ldap_simple_bind(LDAP_URI, f"{rdn},{LDAP_BASE_DN}", update_request.bind_pw) ldap_conn = _connect_ldap_simple_bind(LDAP_URI, f"{rdn},{LDAP_BASE_DN}", update_request.bind_pw)
except ldap.INVALID_CREDENTIALS as e: except ldap.INVALID_CREDENTIALS as e:
raise HTTPException(status_code=401, detail=str(e)) raise HTTPException(status_code=401, detail=str(e))
_update_ldap_userPassword(ldap_conn, f"{rdn},{LDAP_BASE_DN}", update_request.userPassword) new_pass = _hash_password(update_request.userPassword)
_update_ldap_userPassword(ldap_conn, f"{rdn},{LDAP_BASE_DN}", new_pass)
def _connect_ldap_simple_bind(server_uri: str, bind_dn: str, bind_pw: str): def _connect_ldap_simple_bind(server_uri: str, bind_dn: str, bind_pw: str):
@ -31,3 +33,8 @@ def _connect_ldap_simple_bind(server_uri: str, bind_dn: str, bind_pw: str):
def _update_ldap_userPassword(conn, dn: str, new_pass: str): def _update_ldap_userPassword(conn, dn: str, new_pass: str):
changes = [( ldap.MOD_REPLACE, 'userPassword', bytes(str(new_pass), 'utf-8') )] changes = [( ldap.MOD_REPLACE, 'userPassword', bytes(str(new_pass), 'utf-8') )]
result = conn.modify_ext_s(dn, changes) result = conn.modify_ext_s(dn, changes)
def _hash_password(pw: str):
hash_b = bcrypt.hashpw(pw.encode(), bcrypt.gensalt())
return '{BCRYPT}' + hash_b.decode()
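Review bot: `_hash_password` hands the full encoded password to `bcrypt.hashpw`, but bcrypt only uses the first 72 bytes, so with the pinned bcrypt 3.2.0 a longer passphrase is silently truncated and any other input sharing that 72-byte prefix would verify against the same hash. I would reject over-long input before hashing, e.g. `if len(pw.encode()) > 72: raise ValueError("password exceeds bcrypt's 72-byte limit")`, and map that to a 4xx response in `change_password`, whose body starts outside this hunk. The value is also written to `userPassword` as a pre-hashed `{BCRYPT}` string, so later binds presumably depend on the directory server having a bcrypt password scheme enabled. Since that cannot be seen from this diff, a short docstring on `_hash_password` stating the requirement and the returned format (`{BCRYPT}` followed by the bcrypt hash string) would help. A `-> str` return annotation would match the other helpers' annotated signatures.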