from hashlib import sha256
# Path of the SQLite file that get_db() passes to sqlite3.connect(). It is a
# relative path, so it resolves against the process's working directory.
DATABASE = 'coffee.db'
def get_db():
    """Return the SQLite connection cached on ``g``, opening it on first use.

    The connection is stored as ``g._database`` so that later calls which see
    the same ``g`` reuse it instead of reconnecting to ``DATABASE``.
    """
    conn = getattr(g, '_database', None)
    if conn is not None:
        return conn
    # First call for this ``g``: connect and remember the handle.
    conn = sqlite3.connect(DATABASE)
    g._database = conn
    return conn
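def passcode_auth():
    """Check the submitted name/passcode pair and reveal the secret on success.

    Reads ``name`` and ``passcode`` from the request form, looks up the
    matching row in the ``coffee`` table, and compares the salted SHA-256 of
    the submitted passcode with the stored ``passcode_hash``.

    Returns:
        An error message string when a field is missing, the name is unknown,
        or the passcode does not match; otherwise whatever
        ``__reveal_secret()`` returns.
    """
    import hmac  # local import: only needed for the constant-time comparison

    name = request.form.get('name')
    passcode = request.form.get('passcode')
    if not name or not passcode:
        return "Coffee machine needs a passcode and a name"

    # ``name`` comes straight from the request, so it is bound as a query
    # parameter. Formatting it into the SQL text let the caller rewrite the
    # statement (SQL injection) and choose the hash and salt it is checked
    # against.
    q = """SELECT id, passcode_hash, salt FROM coffee
    WHERE name = ?"""
    # execute() returns the cursor itself, which is always truthy and is not a
    # three-column row; fetchone() yields the row, or None when nothing matches.
    row = get_db().cursor().execute(q, (name,)).fetchone()
    if row is None:
        # NOTE(review): this message differs from the bad-passcode one, so a
        # caller can tell which names exist. Left unchanged because callers
        # may depend on the exact text.
        return "There is no such coffee freak"

    # The first column is the row id; keep it out of ``name``.
    _coffee_id, passcode_hash, salt = row
    pass_salt = "{}{}".format(passcode, salt)
    # Thinking of using sha1 in your next project. Just stop!
    # It has been broken. On a side note, you may enter your gmail
    # password if you want to get the secret without any trouble ;)
    # NOTE(review): one round of salted SHA-256 is cheap to brute-force if the
    # table leaks. A password KDF (e.g. hashlib.scrypt or
    # hashlib.pbkdf2_hmac) would be the better choice, but switching requires
    # re-hashing the stored values, so the scheme is kept as is.
    # sha256() needs bytes, so the text is encoded first.
    computed = sha256(pass_salt.encode("utf-8")).hexdigest().encode("ascii")
    stored = str(passcode_hash).encode("utf-8")
    # Constant-time comparison so response timing does not reveal how much of
    # the digest matched.
    if not hmac.compare_digest(computed, stored):
        return "Incorrect passcode!"
    return __reveal_secret()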