almet/ihatemoney
1
0
Fork 0
mirror of https://github.com/spiral-project/ihatemoney.git synced 2025-04-29 01:42:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Do not enforce a check on sha256 hash algorithm.

Browse source 
This makes it inconsistent with our own generated passwords. Only check
that the password has been hashed.

Fixes #310.
This commit is contained in:
Alexis Métaireau 2018-01-05 22:57:31 +01:00
parent b581865873
commit c3b973b15e
2 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.rst
View file

@ -10,6 +10,7 @@ Fixed
===== =====
- Fix the generation of the supervisord template (#306) - Fix the generation of the supervisord template (#306)
- Fix the validation of the hashed password (#310)
2.0 (2017-12-27) 2.0 (2017-12-27)

2
ihatemoney/run.py
View file

@ -89,7 +89,7 @@ def validate_configuration(app):
if 'MAIL_DEFAULT_SENDER' not in app.config: if 'MAIL_DEFAULT_SENDER' not in app.config:
app.config['MAIL_DEFAULT_SENDER'] = default_settings.DEFAULT_MAIL_SENDER app.config['MAIL_DEFAULT_SENDER'] = default_settings.DEFAULT_MAIL_SENDER
if "pbkdf2:sha256:" not in app.config['ADMIN_PASSWORD'] and app.config['ADMIN_PASSWORD']: if "pbkdf2:" not in app.config['ADMIN_PASSWORD'] and app.config['ADMIN_PASSWORD']:
# Since 2.0 # Since 2.0
warnings.warn( warnings.warn(
"The way Ihatemoney stores your ADMIN_PASSWORD has changed. You are using an unhashed" "The way Ihatemoney stores your ADMIN_PASSWORD has changed. You are using an unhashed"