From c7b0024d2405d29e5c36445b6d28af046b2213f1 Mon Sep 17 00:00:00 2001
From: Javier Sánchez Parra <jsanchez@soleta.eu>
Date: Thu, 21 Apr 2022 17:30:12 +0200
Subject: Add password hashing

The front-end now hashes passwords before sending them to the back-end.
It uses SHA-512.

This commit adds a hidden input which sends the password hash to not
interfere with browsers' save password functionality.

Also change passwords of the template configuration file for their
hashed/digested versions.
---
 ogcp/templates/auth/login.html | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'ogcp/templates/auth/login.html')

diff --git a/ogcp/templates/auth/login.html b/ogcp/templates/auth/login.html
index ee3f2e3..2b6cce9 100644
--- a/ogcp/templates/auth/login.html
+++ b/ogcp/templates/auth/login.html
@@ -15,7 +15,8 @@
           {{ wtf.quick_form(form,
                             method='post',
                             form_type='basic',
-                            button_map={'submit_btn':'primary'}) }}
+                            button_map={'submit_btn':'primary'},
+                            id='login-form') }}
         </div>
         <!-- /.login-card-body -->
       </div>
@@ -23,5 +24,12 @@
 <!-- /.login-box -->
 </div>
 
+<script>
+    document.addEventListener('readystatechange', () => {
+        if (document.readyState === 'complete') {
+            digestLoginPassword()
+        }
+    });
+</script>
 
 {% endblock %}
-- 
cgit v1.2.3-18-g5258