Patched /tmp/tmpykmnswgg/sqli/dao/user.py

patched-codes · Sep 6, 2024 · 3d0c6da · 3d0c6da
1 parent aca15a9
commit 3d0c6da
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/sqli/dao/user.py b/sqli/dao/user.py
@@ -1,4 +1,4 @@
-from hashlib import md5
+from cryptography.hazmat.primitives import hashes
 from typing import NamedTuple, Optional
 
 from aiopg import Connection
@@ -38,4 +38,6 @@ async def get_by_username(conn: Connection, username: str):
             return User.from_raw(await cur.fetchone())
 
     def check_password(self, password: str):
-        return self.pwd_hash == md5(password.encode('utf-8')).hexdigest()
+        digest = hashes.Hash(hashes.SHA384())
+        digest.update(password.encode('utf-8'))
+        return self.pwd_hash == digest.finalize().hex()