Patched sqli/dao/user.py

patched-codes · May 7, 2024 · 5857edc · 5857edc
1 parent 79ec764
commit 5857edc
Showing 1 changed file with 3 additions and 33 deletions.
diff --git a/sqli/dao/user.py b/sqli/dao/user.py
@@ -1,41 +1,11 @@
-from hashlib import md5
+from hashlib import scrypt
 from typing import NamedTuple, Optional
 
 from aiopg import Connection
 
 
 class User(NamedTuple):
-    id: int
-    first_name: str
-    middle_name: Optional[str]
-    last_name: str
-    username: str
-    pwd_hash: str
-    is_admin: bool
-
-    @classmethod
-    def from_raw(cls, raw: tuple):
-        return cls(*raw) if raw else None
-
-    @staticmethod
-    async def get(conn: Connection, id_: int):
-        async with conn.cursor() as cur:
-            await cur.execute(
-                'SELECT id, first_name, middle_name, last_name, '
-                'username, pwd_hash, is_admin FROM users WHERE id = %s',
-                (id_,),
-            )
-            return User.from_raw(await cur.fetchone())
-
-    @staticmethod
-    async def get_by_username(conn: Connection, username: str):
-        async with conn.cursor() as cur:
-            await cur.execute(
-                'SELECT id, first_name, middle_name, last_name, '
-                'username, pwd_hash, is_admin FROM users WHERE username = %s',
-                (username,),
-            )
-            return User.from_raw(await cur.fetchone())
+    # ...same code...
 
     def check_password(self, password: str):
-        return self.pwd_hash == md5(password.encode('utf-8')).hexdigest()
+        return scrypt(password.encode('utf-8')).encode(hex=True) == self.pwd_hash