quinone / password-manager

Password management application developed as a group project for college.

45 security breach with new settings and password generator access without login #47

Closed quinone closed 4 weeks ago

quinone commented 1 month ago

Refactored password_generator

Hey @Pitoche I've updated the generator and

Refactored the generate password function.

Generate_password() is in PassGenerator.py. It is now using the secrets module in line with the submitted plan.

Removed the password generator routes from the create_app() in init.py

password_generator() is now in vault - this combines the post response from the form and generate_password(). I think that might have been bypassing the @login_required

Moved the delete account to vault path

Think it makes more sense there.

Folder route now '/vault/folder/

Changed the folder route to just require the folder name, so it's now /vault/folder/. For security, this function also uses the user_ID to prevent the user from viewing others' folders/passwords. Changed the keys to lower case in line with the decrypt_item function.

Updated the folder tests

Folder tests now check if a user can view other passwords/folders
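
An added example, not code from this pull request or project: a folder lookup scoped to the logged-in user, as the folder-route change above describes, with the cross-user case the updated tests are meant to cover. The schema, the sample rows and the name `get_folder_items` are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory vault with constructed sample rows for two users."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.executescript("""
        CREATE TABLE folders (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL,
                              name TEXT NOT NULL, UNIQUE (user_id, name));
        CREATE TABLE items (id INTEGER PRIMARY KEY, folder_id INTEGER NOT NULL,
                            user_id INTEGER NOT NULL, title TEXT NOT NULL);
        INSERT INTO folders VALUES (1, 1, 'work'), (2, 2, 'work'), (3, 2, 'bank');
        INSERT INTO items VALUES (1, 1, 1, 'alice-mail'), (2, 2, 2, 'bob-mail'),
                                 (3, 3, 2, 'bob-bank');
    """)
    return db


def get_folder_items(db, current_user_id, folder_name):
    """Return the caller's items in folder_name, or None if they own no such folder.

    folder_name comes from the URL and is user-controlled; current_user_id must
    come from the authenticated session, never from the request.
    """
    folder = db.execute(
        "SELECT id FROM folders WHERE user_id = ? AND name = ?",
        (current_user_id, folder_name),
    ).fetchone()
    if folder is None:
        # Same answer for "not yours" and "does not exist", so names do not leak.
        return None
    rows = db.execute(
        "SELECT title FROM items WHERE folder_id = ? AND user_id = ? ORDER BY id",
        (folder["id"], current_user_id),
    ).fetchall()
    # Lower-case keys (assumed here to mirror the convention the PR mentions).
    return [{"title": row["title"]} for row in rows]


if __name__ == "__main__":
    db = make_db()
    print(get_folder_items(db, 1, "work"))  # user 1 sees only their own 'work'
    print(get_folder_items(db, 1, "bank"))  # user 2's folder is invisible to user 1
```

Both users own a folder named `work`, which is the case a name-only lookup would get wrong.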

quinone commented 4 weeks ago

Merging to initial branch before merging to development