From c7b0024d2405d29e5c36445b6d28af046b2213f1 Mon Sep 17 00:00:00 2001 From: Javier Sánchez Parra Date: Thu, 21 Apr 2022 17:30:12 +0200 Subject: Add password hashing The front-end now hashes passwords before sending them to the back-end. It uses SHA-512. This commit adds a hidden input which sends the password hash to not interfere with browsers' save password functionality. Also change passwords of the template configuration file for their hashed/digested versions. --- ogcp/forms/auth.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'ogcp/forms') diff --git a/ogcp/forms/auth.py b/ogcp/forms/auth.py index 15534a6..c02ecc7 100644 --- a/ogcp/forms/auth.py +++ b/ogcp/forms/auth.py @@ -21,6 +21,8 @@ class LoginForm(FlaskForm): ) pwd = PasswordField( label=_l('Password'), + ) + pwd_hash = HiddenField( validators=[InputRequired()] ) submit_btn = SubmitField( -- cgit v1.2.3-18-g5258