From 5857edc74c44ced9553d2698a6198baef33e132d Mon Sep 17 00:00:00 2001
From: "patched.codes[bot]"
 <298395+patched.codes[bot]@users.noreply.github.com>
Date: Tue, 7 May 2024 14:41:35 +0800
Subject: [PATCH] Patched sqli/dao/user.py

---
 sqli/dao/user.py | 36 +++---------------------------------
 1 file changed, 3 insertions(+), 33 deletions(-)

diff --git a/sqli/dao/user.py b/sqli/dao/user.py
index c663ddc3..879304d6 100644
--- a/sqli/dao/user.py
+++ b/sqli/dao/user.py
@@ -1,41 +1,11 @@
-from hashlib import md5
+from hashlib import scrypt
 from typing import NamedTuple, Optional
 
 from aiopg import Connection
 
 
 class User(NamedTuple):
-    id: int
-    first_name: str
-    middle_name: Optional[str]
-    last_name: str
-    username: str
-    pwd_hash: str
-    is_admin: bool
-
-    @classmethod
-    def from_raw(cls, raw: tuple):
-        return cls(*raw) if raw else None
-
-    @staticmethod
-    async def get(conn: Connection, id_: int):
-        async with conn.cursor() as cur:
-            await cur.execute(
-                'SELECT id, first_name, middle_name, last_name, '
-                'username, pwd_hash, is_admin FROM users WHERE id = %s',
-                (id_,),
-            )
-            return User.from_raw(await cur.fetchone())
-
-    @staticmethod
-    async def get_by_username(conn: Connection, username: str):
-        async with conn.cursor() as cur:
-            await cur.execute(
-                'SELECT id, first_name, middle_name, last_name, '
-                'username, pwd_hash, is_admin FROM users WHERE username = %s',
-                (username,),
-            )
-            return User.from_raw(await cur.fetchone())
+    # ...same code...
 
     def check_password(self, password: str):
-        return self.pwd_hash == md5(password.encode('utf-8')).hexdigest()
+        return scrypt(password.encode('utf-8')).encode(hex=True) == self.pwd_hash