diff --git a/src/dashboard.py b/src/dashboard.py index 30e012f..c77c013 100644 --- a/src/dashboard.py +++ b/src/dashboard.py @@ -5,7 +5,7 @@ Under Apache-2.0 License import sqlite3 import configparser -import hashlib +import bcrypt import ipaddress import json # Python Built-in Library @@ -706,16 +706,20 @@ def auth(): """ data = request.get_json() config = get_dashboard_conf() - password = hashlib.sha256(data['password'].encode()) - if password.hexdigest() == config["Account"]["password"] \ - and data['username'] == config["Account"]["username"]: + saved_password_hash = config["Account"]["password"] + + # Verify the password using bcrypt + if bcrypt.checkpw(data['password'].encode(), saved_password_hash.encode()): session['username'] = data['username'] config.clear() return jsonify({"status": True, "msg": ""}) + config.clear() return jsonify({"status": False, "msg": "Username or Password is incorrect."}) + + """ Index Page """ @@ -858,6 +862,7 @@ def update_peer_default_config(): return redirect(url_for("settings")) + # Update dashboard password @app.route('/update_pwd', methods=['POST']) def update_pwd(): @@ -867,10 +872,19 @@ def update_pwd(): """ config = get_dashboard_conf() - if hashlib.sha256(request.form['currentpass'].encode()).hexdigest() == config.get("Account", "password"): - if hashlib.sha256(request.form['newpass'].encode()).hexdigest() == hashlib.sha256( - request.form['repnewpass'].encode()).hexdigest(): - config.set("Account", "password", hashlib.sha256(request.form['repnewpass'].encode()).hexdigest()) + saved_password_hash = config.get("Account", "password") + current_password = request.form['currentpass'] + new_password = request.form['newpass'] + rep_new_password = request.form['repnewpass'] + + # Verify the current password using bcrypt + if bcrypt.checkpw(current_password.encode(), saved_password_hash.encode()): + # Check if the new passwords match + if new_password == rep_new_password: + # Hash the new password and update the config + new_password_hash = bcrypt.hashpw(new_password.encode(), bcrypt.gensalt()) + config.set("Account", "password", new_password_hash.decode()) + try: set_dashboard_conf(config) session['message'] = "Password updated successfully!" @@ -894,6 +908,7 @@ def update_pwd(): return redirect(url_for("settings")) + @app.route('/update_app_ip_port', methods=['POST']) def update_app_ip_port(): """ @@ -1647,7 +1662,15 @@ def init_dashboard(): if "username" not in config['Account']: config['Account']['username'] = 'admin' if "password" not in config['Account']: - config['Account']['password'] = '8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918' + wg_dash_pass = "admin" + #wg_dash_pass = os.environ.get('WG_DASH_PASS') + # Hash the password using bcrypt + salt = bcrypt.gensalt(rounds=12) + hashed_password_bytes = bcrypt.hashpw(wg_dash_pass.encode('utf-8'), salt) + # Convert the hashed password bytes to a string and remove the leading 'b' + hashed_password_str = hashed_password_bytes.decode('utf-8').lstrip('b') + hashpassword_output = f"{hashed_password_str}" + config['Account']['password'] = hashpassword_output # Default dashboard server setting if "Server" not in config: config['Server'] = {} diff --git a/src/requirements.txt b/src/requirements.txt index 505c6e3..635e79e 100644 --- a/src/requirements.txt +++ b/src/requirements.txt @@ -2,6 +2,7 @@ Flask ifcfg psutil icmplib +bcrypt flask-qrcode gunicorn -certbot \ No newline at end of file +certbot