From 9ac7ead57ed98178f504195d1e22e4c4d1d07e99 Mon Sep 17 00:00:00 2001 From: jesopo Date: Wed, 24 Apr 2019 17:37:44 +0100 Subject: [PATCH] Make masterlogin passwords one-time-use --- modules/permissions/__init__.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/permissions/__init__.py b/modules/permissions/__init__.py index 8932cbf2..3a45c395 100644 --- a/modules/permissions/__init__.py +++ b/modules/permissions/__init__.py @@ -18,7 +18,7 @@ class Module(ModuleManager.BaseModule): master_password = self._random_password() hash, salt = self._make_hash(master_password) self.bot.set_setting("master-password", [hash, salt]) - print("master password: %s" % master_password) + print("one-time master password: %s" % master_password) else: raise ValueError("Unknown command-line argument") @@ -63,6 +63,7 @@ class Module(ModuleManager.BaseModule): if saved_hash and saved_salt: given_hash, _ = self._make_hash(event["args"], saved_salt) if utils.security.constant_time_compare(given_hash, saved_hash): + self.bot.del_setting("master-password") event["user"].admin_master = True event["stdout"].write("Master login successful") return