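import hmac
from hashlib import sha256

DATABASE = 'coffee.db'


def get_db():
    """Return the SQLite connection cached on ``g``, opening it on first use.

    The connection is stored as ``g._database`` so later calls reuse it.
    NOTE(review): ``g`` and ``sqlite3`` are imported outside this excerpt;
    ``g`` is presumably Flask's application-context object. Confirm.
    """
    db = getattr(g, '_database', None)
    if db is None:
        db = g._database = sqlite3.connect(DATABASE)
    return db


def passcode_auth():
    """Check the submitted name/passcode pair and reveal the secret on success.

    Reads ``name`` and ``passcode`` from ``request.form``. Returns an error
    string when a field is missing, when no row matches the name, or when the
    salted SHA-256 of the passcode differs from the stored hash. Otherwise
    returns whatever ``__reveal_secret()`` returns.
    """
    name = request.form.get('name')
    passcode = request.form.get('passcode')
    if not name or not passcode:
        return "Coffee machine needs a passcode and a name"

    # `name` is untrusted form input. Bind it as a parameter instead of
    # formatting it into the SQL text, so it can never change the statement
    # (including which passcode_hash/salt values the query returns).
    q = """SELECT id, passcode_hash, salt FROM coffee WHERE name = ?"""
    # execute() returns a cursor, which is always truthy; fetchone() yields
    # None when no row matches, which is what the check below needs.
    row = get_db().cursor().execute(q, (name,)).fetchone()
    if row is None:
        # NOTE(review): this message differs from the wrong-passcode one, so
        # a client can tell which names exist. Kept because callers may
        # depend on the text.
        return "There is no such coffee freak"

    # The first selected column is `id`; it is not used for the check.
    _row_id, passcode_hash, salt = row
    pass_salt = "{}{}".format(passcode, salt)
    # Thinking of using sha1 in your next project. Just stop!
    # It has been broken. On a side note, you may enter your gmail
    # password if you want to get the secret without any trouble ;)
    # NOTE(review): a single round of salted SHA-256 is cheap to brute-force
    # offline. A password KDF (hashlib.scrypt / hashlib.pbkdf2_hmac) would be
    # the better choice, but switching requires re-hashing the stored values.
    digest = sha256(pass_salt.encode('utf-8')).hexdigest()
    # sha256() needs bytes, hence the encode above. Compare in constant time
    # and as bytes, so an unexpected stored value (None, non-ASCII text) is a
    # plain mismatch rather than an exception.
    stored = str(passcode_hash).encode('utf-8')
    if not hmac.compare_digest(digest.encode('ascii'), stored):
        return "Incorrect passcode!"
    return __reveal_secret()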