Do not enforce a check on sha256 hash algorithm.

This makes it inconsistent with our own generated passwords. Only check that the password has been hashed. Fixes #310.
2025-04-29 01:42:37 +02:00 · 2018-01-05 22:57:31 +01:00 · 2018-01-05 22:57:31 +01:00 · c3b973b15e
commit c3b973b15e
parent b581865873
2 changed files with 2 additions and 1 deletions
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@ -10,6 +10,7 @@ Fixed
 =====

 - Fix the generation of the supervisord template (#306)
+- Fix the validation of the hashed password (#310)


 2.0 (2017-12-27)
--- a/ihatemoney/run.py
+++ b/ihatemoney/run.py
@ -89,7 +89,7 @@ def validate_configuration(app):
        if 'MAIL_DEFAULT_SENDER' not in app.config:
            app.config['MAIL_DEFAULT_SENDER'] = default_settings.DEFAULT_MAIL_SENDER

-    if "pbkdf2:sha256:" not in app.config['ADMIN_PASSWORD'] and app.config['ADMIN_PASSWORD']:
+    if "pbkdf2:" not in app.config['ADMIN_PASSWORD'] and app.config['ADMIN_PASSWORD']:
        # Since 2.0
        warnings.warn(
            "The way Ihatemoney stores your ADMIN_PASSWORD has changed. You are using an unhashed"