Closed passiomatic closed 1 year ago
Changed my mind: let's use new Peewee's PasswordField instead: http://docs.peewee-orm.com/en/latest/peewee/playhouse.html?highlight=passwordfield#PasswordField
We need to add a bcrypt
dependency but it solves a few potential issues while dealing with the availability of different algorithms on different platforms.
Peewee in version 3 dropped password field, but it's not complected to implement similar good logic. Passlib has good examples.
Done while porting codebase to Python 3 583bd5c
Store salted and hashed password and Fever apikey into database.
See:
Since different algorithms can be available on a user platform Coldsweat could store salted passwords with a prefix specifying the algorithm used, something like:
sha1:cc4a5ce1b3df48aec5d22d1f16b894a0b894eccc