Print a console warning for users using a clear text ADMIN_PASSWORD

2025-05-05 20:51:49 +02:00 · 2017-06-23 19:13:30 +02:00 · 2017-06-23 19:13:30 +02:00 · ae724a91e7
commit ae724a91e7
parent 999df67a96
1 changed files with 9 additions and 0 deletions
--- a/budget/run.py
+++ b/budget/run.py
@ -52,6 +52,15 @@ def configure():
        if not 'MAIL_DEFAULT_SENDER' in app.config:
            app.config['MAIL_DEFAULT_SENDER'] = DEFAULT_MAIL_SENDER

+    if "pbkdf2:sha256:" not in app.config['ADMIN_PASSWORD'] and app.config['ADMIN_PASSWORD']:
+        # Since v1.1
+        warnings.warn(
+            "You are using an unhashed ADMIN_PASSWORD, which is not supported anymore"
+            +" for safety reasons. Please follow the instructions in the installation"
+            +" documentation to update to a safer password mechanism.",
+            UserWarning
+        )
+
 configure()