Add admin hash config and warning #79
Conversation
Signed-off-by: lqsky7 <[email protected]>
src/pwncore/config.py
Outdated
| import warnings | ||
| from dotenv import load_dotenv | ||
|
|
||
| # Put .env in root of pwncore | ||
| dotenv_path = os.path.join(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))), ".env") | ||
| if not load_dotenv(dotenv_path): | ||
| warnings.warn(f".env file not loaded from {dotenv_path}", RuntimeWarning) |
There was a problem hiding this comment.
db_url=os.environ.get("DATABASE_URL", "sqlite://:memory:"),
Load like this.
There was a problem hiding this comment.
The rest is not needed.
src/pwncore/config.py
Outdated
| raw_admin_hash = os.environ.get("PWNCORE_ADMIN_HASH") | ||
| if (raw_admin_hash is None): | ||
| admin_hash_value = "$2b$12$BjtKkihGhQlOZuLD/KrmuOP27mJ04ldXyzBgtbrNzD9JoPN/DKN1u" | ||
| using_default_admin = True | ||
| else: | ||
| admin_hash_value = raw_admin_hash | ||
| using_default_admin = False |
There was a problem hiding this comment.
Add the default value directly in the get function call
There was a problem hiding this comment.
for the default one put the password as pwncore and hash it.
Signed-off-by: lqsky7 <[email protected]>
src/pwncore/config.py
Outdated
| raw_admin_hash = os.environ.get("PWNCORE_ADMIN_HASH", "sqlite://:memory:") | ||
| if raw_admin_hash is None: | ||
| admin_hash_value = "$2b$12$ZA/l9O96A34QQOlUD48LkesLukw4IAMDih1oV8l.GoEa7TewfeOP2" | ||
| using_default_admin = True | ||
| else: | ||
| admin_hash_value = raw_admin_hash | ||
| using_default_admin = False |
There was a problem hiding this comment.
Recheck this. It is wrong.
There was a problem hiding this comment.
import admin_hash directly. No need for raw_admin_hash or admin_hash_value
There was a problem hiding this comment.
i don't understand os.environ.get("PWNCORE_ADMIN_HASH", "sqlite://:memory:")
second argument of environ.get is what the variable will default to if .env is not found right?
should i do it like this?
admin_hash_value = os.environ.get("PWNCORE_ADMIN_HASH", None)
if admin_hash_value is None:
admin_hash_value = "$2b$12$ZA/l9O96A34QQOlUD48LkesLukw4IAMDih1oV8l.GoEa7TewfeOP2"
using_default_admin = True
src/pwncore/config.py
Outdated
| @@ -1,5 +1,7 @@ | |||
| import os | |||
| from dataclasses import dataclass | |||
| import warnings | |||
| from dotenv import load_dotenv | |||
There was a problem hiding this comment.
Not accessed. Remove this.
There was a problem hiding this comment.
warning is being used, should i just do a print statement instead?
There was a problem hiding this comment.
warnings is fine. dotenv is not required.
Signed-off-by: lqsky7 <[email protected]>
| @@ -1,5 +1,7 @@ | |||
| import os | |||
| import bcrypt | |||
There was a problem hiding this comment.
use passlib.hash > bcrypt instead.
| @@ -42,6 +44,8 @@ | |||
| "users_not_found": 24, | |||
| } | |||
|
|
|||
| admin_hash_value = os.environ.get("PWNCORE_ADMIN_HASH", bcrypt.hashpw('pwncore'.encode(), bcrypt.gensalt()).decode()) | |||
There was a problem hiding this comment.
bcrypt.hashpw('pwncore'.encode(), bcrypt.gensalt()).decode() > bcrypt.hash("pwncore")
No description provided.