webui: crypt user password by default before passing it to backend #5321
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
NOTE: using the same method as the current Gtk GUI
jstodola
reviewed
Nov 14, 2023
| @@ -45,12 +45,18 @@ export function getAccountsState ( | |||
| }; | |||
| } | |||
|
|
|||
| export const cryptUserPassword = async (password) => { | |||
| const pythonScript = `from random import SystemRandom as sr; import crypt; print(crypt.crypt("${password}", "$y$j9T$" + "".join(sr().choice("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz") for _sc in range(24))))`; | |||
There was a problem hiding this comment.
The crypt module will be removed in Python 3.13, which is planned/proposed for Fedora 41: https://discussion.fedoraproject.org/t/f41-change-proposal-python-3-13-system-wide/92897
So this code might stop working quite soon. Unfortunately, I do not come with another solution.
There was a problem hiding this comment.
I would prefer to address it out of scope of this PR together with the GUI implementation:
anaconda/pyanaconda/core/users.py
Line 40 in c25d1fe
|
The PR has been migrated to the new repository: rhinstaller/anaconda-webui#48 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
NOTE: using the same method as the current Gtk GUI
I didn't find anything usable for crypting the password in javascript but I might well miss something.