Firepup650/bitbot-3.11-fork
2
0
Fork 0
Code Issues Pull requests Activity Actions

Make masterlogin passwords one-time-use

Browse source
This commit is contained in:
jesopo 2019-04-24 17:37:44 +01:00
parent dffee4d223
commit 9ac7ead57e
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
modules/permissions/__init__.py
View file

@ -18,7 +18,7 @@ class Module(ModuleManager.BaseModule):
master_password = self._random_password() master_password = self._random_password()
hash, salt = self._make_hash(master_password) hash, salt = self._make_hash(master_password)
self.bot.set_setting("master-password", [hash, salt]) self.bot.set_setting("master-password", [hash, salt])
print("master password: %s" % master_password) print("one-time master password: %s" % master_password)
else: else:
raise ValueError("Unknown command-line argument") raise ValueError("Unknown command-line argument")
@ -63,6 +63,7 @@ class Module(ModuleManager.BaseModule):
if saved_hash and saved_salt: if saved_hash and saved_salt:
given_hash, _ = self._make_hash(event["args"], saved_salt) given_hash, _ = self._make_hash(event["args"], saved_salt)
if utils.security.constant_time_compare(given_hash, saved_hash): if utils.security.constant_time_compare(given_hash, saved_hash):
self.bot.del_setting("master-password")
event["user"].admin_master = True event["user"].admin_master = True
event["stdout"].write("Master login successful") event["stdout"].write("Master login successful")
return return