Fixed reset of master password

This commit is contained in:
StNicolay 2022-10-14 19:53:05 +03:00
parent 39e86793a6
commit b1017082a9
2 changed files with 13 additions and 3 deletions

View File

@ -26,7 +26,7 @@ def add_record(
master_password = data[4] master_password = data[4]
master_password_from_db = database.get.get_master_pass(engine, mes.from_user.id) master_password_from_db = database.get.get_master_pass(engine, mes.from_user.id)
if master_password is None: if master_password_from_db is None:
return _send_tmp_message(bot, mes.chat.id, "Нет мастер пароля") return _send_tmp_message(bot, mes.chat.id, "Нет мастер пароля")
master_salt, hash_pass = master_password_from_db master_salt, hash_pass = master_password_from_db
@ -102,7 +102,10 @@ def get_account(
if data[1] not in database.get.get_accounts(engine, mes.from_user.id): if data[1] not in database.get.get_accounts(engine, mes.from_user.id):
return _send_tmp_message(bot, mes.chat.id, "Нет такого аккаунта") return _send_tmp_message(bot, mes.chat.id, "Нет такого аккаунта")
master_salt, hash_pass = database.get.get_master_pass(engine, mes.from_user.id) master_pass = database.get.get_master_pass(engine, mes.from_user.id)
if master_pass is None:
return _send_tmp_message(bot, mes.chat.id, "Нет мастер пароля")
master_salt, hash_pass = master_pass
if ( if (
cryptography.master_pass.encrypt_master_pass_known_salt(data[2], master_salt) cryptography.master_pass.encrypt_master_pass_known_salt(data[2], master_salt)
!= hash_pass != hash_pass
@ -133,6 +136,13 @@ def reset_master_pass(
bot: telebot.TeleBot, engine: Engine, mes: telebot.types.Message bot: telebot.TeleBot, engine: Engine, mes: telebot.types.Message
) -> None: ) -> None:
data = shlex.split(mes.text) data = shlex.split(mes.text)
if len(data) != 2:
return _send_tmp_message(bot, mes.chat.id, "Неправильное количество аргументов")
master_password_from_db = database.get.get_master_pass(engine, mes.from_user.id)
if master_password_from_db is None:
return _send_tmp_message(bot, mes.chat.id, "Нет мастер пароля")
master_password = data[1] master_password = data[1]
enc_pass, salt = cryptography.master_pass.encrypt_master_pass(master_password) enc_pass, salt = cryptography.master_pass.encrypt_master_pass(master_password)
database.delete.purge_accounts(engine, mes.from_user.id) database.delete.purge_accounts(engine, mes.from_user.id)

View File

@ -10,7 +10,7 @@ def change_master_pass(
statement = sqlmodel.update( statement = sqlmodel.update(
models.MasterPass, models.MasterPass,
models.MasterPass.user_id == user_id, models.MasterPass.user_id == user_id,
sqlmodel.values(salt=salt, passwd=passwd), {"salt": salt, "passwd": passwd},
) )
with sqlmodel.Session(engine) as session: with sqlmodel.Session(engine) as session:
session.exec(statement) session.exec(statement)