Added Password Hashing to account registration (#21)

Strawberry-Foundations · Sep 30, 2023 · fab8823 · fab8823
1 parent 86ef625
commit fab8823
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/server/server.py b/server/server.py
@@ -1226,7 +1226,7 @@ def register():
         client.send(f"{GREEN + Colors.BOLD}Role Color (Red, Green, Cyan, Blue, Yellow, Magenta): {RESET + Colors.RESET}".encode("utf8"))
         registeredRoleColor = client.recv(2048).decode("utf8")
 
-        client.send(f"{YELLOW + Colors.BOLD}Are you sure? Changing the username is currently not possible and requires a lot of time.{RESET + Colors.RESET}".encode("utf8"))
+        client.send(f"{YELLOW + Colors.BOLD}Is everything correct? (You can change your username, role color and password at any time){RESET + Colors.RESET}".encode("utf8"))
         confirmUsername = client.recv(2048).decode("utf8")
 
         if confirmUsername == "yes":
@@ -1244,6 +1244,11 @@ def register():
 
                 creation_date = time.time()
 
+                registeredPassword = str.encode(registeredPassword)
+                hashed_password = SHAKE256.new()
+                hashed_password.update(registeredPassword)
+                registeredPassword = hashed_password.read(26).hex()
+
                 logcur.execute('INSERT INTO users (username, password, role, role_color, enable_blacklisted_words, account_enabled, muted, user_id, msg_count, enable_dms, creation_date) VALUES (?, ?, "member", ?, "true", "true", "false", ?, ?, "true", ?)', (registeredUsername, registeredPassword, registeredRoleColor.lower(), user_ids, 0, creation_date))
                 db.commit()
 
@@ -1333,7 +1338,13 @@ def register():
                 sys.exit()
 
             client.send(f"{GREEN + Colors.BOLD}Password: {RESET + Colors.RESET}".encode("utf8"))
-            password = client.recv(2048).decode("utf8")
+            password = escape_ansi(client.recv(2048).decode("utf8"))
+            password = password.strip("\n")
+            password = str.encode(password)
+
+            hashed_password = SHAKE256.new()
+            hashed_password.update(password)
+            password = hashed_password.read(26).hex()
             time.sleep(0.01)
 
             try: