From c7b0024d2405d29e5c36445b6d28af046b2213f1 Mon Sep 17 00:00:00 2001
From: Javier Sánchez Parra <jsanchez@soleta.eu>
Date: Thu, 21 Apr 2022 17:30:12 +0200
Subject: Add password hashing

The front-end now hashes passwords before sending them to the back-end.
It uses SHA-512.

This commit adds a hidden input which sends the password hash to not
interfere with browsers' save password functionality.

Also change passwords of the template configuration file for their
hashed/digested versions.
---
 ogcp/forms/auth.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'ogcp/forms')

diff --git a/ogcp/forms/auth.py b/ogcp/forms/auth.py
index 15534a6..c02ecc7 100644
--- a/ogcp/forms/auth.py
+++ b/ogcp/forms/auth.py
@@ -21,6 +21,8 @@ class LoginForm(FlaskForm):
     )
     pwd = PasswordField(
         label=_l('Password'),
+    )
+    pwd_hash = HiddenField(
         validators=[InputRequired()]
     )
     submit_btn = SubmitField(
-- 
cgit v1.2.3-18-g5258