45 lines
1.3 KiB
Python
45 lines
1.3 KiB
Python
from os import urandom
|
|
from typing import Tuple, Optional
|
|
from cryptography.fernet import Fernet, InvalidToken
|
|
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
|
|
import base64
|
|
|
|
with open("pwd_key.txt", "rb") as key_file:
|
|
key = key_file.read().strip()
|
|
f = Fernet(key)
|
|
|
|
#TODO: properly set SQL blob sizes, they're constant
|
|
def __scrypt__(salt: bytes) -> Scrypt:
|
|
return Scrypt(
|
|
salt=salt,
|
|
length=32,
|
|
n=2**14,
|
|
r=8,
|
|
p=1,
|
|
)
|
|
|
|
def new_password(password: bytes) -> Tuple[bytes, bytes]:
|
|
salt = urandom(16)
|
|
key = base64.urlsafe_b64encode(__scrypt__(salt).derive(password))
|
|
f = Fernet(key)
|
|
out = f.encrypt(password)
|
|
return salt, out
|
|
|
|
def verify_password(stored_salt: bytes, stored_key: bytes, provided_password: bytes) -> bool:
|
|
key = base64.urlsafe_b64encode(__scrypt__(stored_salt).derive(provided_password))
|
|
f = Fernet(key)
|
|
try:
|
|
f.decrypt(stored_key)
|
|
return True
|
|
except InvalidToken:
|
|
return False
|
|
|
|
if __name__ == "__main__":
|
|
# helper script for inserting a new admin
|
|
import db_connect
|
|
username = input("Enter new username: ")
|
|
password = input("Enter new password: ").encode()
|
|
db = db_connect.DatabaseConnect()
|
|
salt, key = new_password(password)
|
|
db.create_user(username, salt, key, True)
|
|
print(f"Created user {username}") |