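def post(self, username, org):
    """Complete a pending password reset for ``username`` in ``org``.

    Expects a request body with ``resetid`` (the reset token issued
    earlier) and ``password`` (the client-side pre-hashed password; see the
    argument help text).  On success the value is re-hashed server-side
    with argon2 and stored.  Once a resetid has validated it is removed
    whether or not the store succeeds, so it is single-use.

    :param username: Name of the user whose reset is being completed.
    :param org: Organization the user belongs to.
    :returns: ``(body, status)`` tuple as Flask-RESTful expects: 200 on
        success; 400 for an unknown user, an empty password or a bad
        resetid; 500 if hashing or storing the password fails.
    """
    parser = reqparse.RequestParser()
    parser.add_argument('resetid', type=str, required=True,
                        help='ResetID of the reset request')
    parser.add_argument('password', type=str, required=True,
                        help='New password equivelent created from the ' +
                             'output of the pbkdf2 function salted with ' +
                             '"username@org" and a count of 100000')
    args = parser.parse_args()

    if not AuthDB.userExists(org, username):
        # NOTE(review): this body differs from the bad-resetid response
        # below, so a caller can learn whether a username exists.  A single
        # generic 400 body would close that oracle, but existing clients may
        # match on the text, so the wording is left as is.
        return {'message': 'Cannot change password for invalid user "%s"@"%s"'
                % (username, org)}, 400

    # Reject an empty (or null) password before the reset record is touched.
    # reqparse does not reject "" for a required str argument, and in that
    # case the hash/store step would fail inside the try block below, which
    # consumes the one-time resetid for a request that could never succeed.
    if not args['password']:
        return {'message': 'Cannot change password for "%s"@"%s". '
                % (username, org) + 'Empty password'}, 400

    if not AuthDB.validatePasswordReset(org, username, args['resetid']):
        return {'message': 'Cannot change password for "%s"@"%s". '
                % (username, org) + 'Invalid or expired resetid'}, 400

    try:
        salt = passwordutils.generateSalt()
        passwordHash = passwordutils.hashPassword(
            args['password'], salt, algo='argon2', params={'t': 5})
        AuthDB.setPassword(org, username, passwordHash, salt)
    except Exception as e:
        # Boundary handler: log and turn any failure into a 500 rather
        # than leaking the exception to the client.
        log.error('Exeption in CompletePasswordReset Post: %s' % (e,))
        return {'message': 'Error changing password for "%s"@"%s"'
                % (username, org)}, 500
    finally:
        # Runs on success and on the 500 path alike: a validated resetid is
        # consumed exactly once, so it cannot be retried after a failure.
        AuthDB.deletePasswordReset(org, username)
    return {'message': 'Password updated for "%s"@"%s".' % (username, org)}, 200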
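def validatePassword(org, username, password):
    """
    Compare the given password against the hashed version for the user

    :org: Organization of the user to check
    :username: Name of the user to check
    :password: Raw password of the user, without salt
    :returns: True only when the user has a salt on record and the argon2
        hash of ``password`` under that salt equals the stored hash;
        False otherwise (including when no salt or no hash is stored).
    """
    import hmac

    salt = AuthDB.getUserSalt(org, username)
    if salt is None:
        # No salt on record: nothing to compare against, so never a match.
        return False

    computedHash = passwordutils.hashPassword(
        password, salt, algo='argon2', params={'t': 5})
    storedHash = AuthDB.getUserHash(org, username)
    if storedHash is None:
        # Missing stored hash must not match anything (the original
        # ``==`` could return True if both sides happened to be None).
        return False

    try:
        # Constant-time comparison: a plain ``==`` stops at the first
        # differing byte, so response time would leak how much of the
        # hash prefix matched.
        return hmac.compare_digest(computedHash, storedHash)
    except TypeError:
        # compare_digest needs both values to be bytes, or both ASCII str.
        # NOTE(review): presumably passwordutils.hashPassword returns the
        # same type AuthDB stores, so this path should not be hit — confirm;
        # it keeps the original behaviour if the types ever disagree.
        return computedHash == storedHash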