Spaces:

UcsTurkey
/

flare

Building

App Files Files Community

ciyidogan commited on Jun 10

Commit

2069381

verified ·

1 Parent(s): de3c389

Update admin_routes.py

Browse files

Files changed (1) hide show

admin_routes.py +38 -29

admin_routes.py CHANGED Viewed

@@ -37,6 +37,10 @@ class LoginResponse(BaseModel):
     token: str
     username: str
 class EnvironmentUpdate(BaseModel):
     work_mode: str
     cloud_token: Optional[str] = None
@@ -100,22 +104,19 @@ class TestRequest(BaseModel):
     test_type: str  # "all", "ui", "backend", "integration", "spark"
 # ===================== Helpers =====================
-def hash_password(password: str) -> str:
-    """Simple SHA256 hash for demo. Use bcrypt in production!"""
-    return hashlib.sha256(password.encode()).hexdigest()
-def verify_token(credentials: HTTPAuthorizationCredentials = Depends(security)) -> str:
-    """Verify JWT token and return username"""
-    try:
-        payload = jwt.decode(credentials.credentials, JWT_SECRET, algorithms=[JWT_ALGORITHM])
-        username = payload.get("sub")
-        if username is None:
-            raise HTTPException(status_code=401, detail="Invalid token")
-        return username
-    except jwt.ExpiredSignatureError:
-        raise HTTPException(status_code=401, detail="Token expired")
-    except jwt.JWTError:
-        raise HTTPException(status_code=401, detail="Invalid token")
 def load_config() -> Dict[str, Any]:
     """Load service_config.jsonc"""
@@ -171,9 +172,11 @@ async def login(request: LoginRequest):
     if not user:
         raise HTTPException(status_code=401, detail="Invalid credentials")
-    # Verify password (simple hash for demo)
-    if hash_password(request.password) != user["password_hash"]:
-        raise HTTPException(status_code=401, detail="Invalid credentials")
     # Create JWT token
     expire = datetime.utcnow() + timedelta(hours=JWT_EXPIRATION_HOURS)
@@ -185,14 +188,10 @@ async def login(request: LoginRequest):
     log(f"✅ User '{request.username}' logged in")
     return LoginResponse(token=token, username=request.username)
-    log(f"✅ User '{request.username}' logged in")
-    return LoginResponse(token=token, username=request.username)
 @router.post("/change-password")
 async def change_password(
-    current_password: str,
-    new_password: str,
     username: str = Depends(verify_token)
 ):
     """Change user password"""
@@ -200,21 +199,31 @@ async def change_password(
     # Find user
     users = config.get("config", {}).get("users", [])
-    user = next((u for u in users if u["username"] == username), None)
-    if not user:
         raise HTTPException(status_code=404, detail="User not found")
     # Verify current password
-    if hash_password(current_password) != user["password_hash"]:
         raise HTTPException(status_code=401, detail="Current password is incorrect")
-    # Update password
-    user["password_hash"] = hash_password(new_password)
     # Save config
     save_config(config)
     log(f"✅ Password changed for user '{username}'")
     return {"success": True, "message": "Password changed successfully"}

     token: str
     username: str
+class ChangePasswordRequest(BaseModel):
+    current_password: str
+    new_password: str
 class EnvironmentUpdate(BaseModel):
     work_mode: str
     cloud_token: Optional[str] = None
     test_type: str  # "all", "ui", "backend", "integration", "spark"
 # ===================== Helpers =====================
+def hash_password(password: str, salt: str = None) -> tuple[str, str]:
+    """Hash password with bcrypt. Returns (hash, salt)"""
+    if salt is None:
+        salt = bcrypt.gensalt().decode('utf-8')
+    else:
+        salt = salt.encode('utf-8')
+    hashed = bcrypt.hashpw(password.encode('utf-8'), salt).decode('utf-8')
+    return hashed, salt.decode('utf-8') if isinstance(salt, bytes) else salt
+def verify_password(password: str, hashed: str, salt: str) -> bool:
+    """Verify password against hash"""
+    return bcrypt.checkpw(password.encode('utf-8'), hashed.encode('utf-8'))
 def load_config() -> Dict[str, Any]:
     """Load service_config.jsonc"""
     if not user:
         raise HTTPException(status_code=401, detail="Invalid credentials")
+    # Verify password with bcrypt
+    if not verify_password(request.password, user["password_hash"], user.get("salt", "")):
+        # Fallback to simple hash for backward compatibility
+        if hash_password(request.password)[0] != user["password_hash"]:
+            raise HTTPException(status_code=401, detail="Invalid credentials")
     # Create JWT token
     expire = datetime.utcnow() + timedelta(hours=JWT_EXPIRATION_HOURS)
     log(f"✅ User '{request.username}' logged in")
     return LoginResponse(token=token, username=request.username)
 @router.post("/change-password")
 async def change_password(
+    request: ChangePasswordRequest,
     username: str = Depends(verify_token)
 ):
     """Change user password"""
     # Find user
     users = config.get("config", {}).get("users", [])
+    user_index = next((i for i, u in enumerate(users) if u["username"] == username), None)
+    if user_index is None:
         raise HTTPException(status_code=404, detail="User not found")
+    user = users[user_index]
     # Verify current password
+    if not verify_password(request.current_password, user["password_hash"], user.get("salt", "")):
         raise HTTPException(status_code=401, detail="Current password is incorrect")
+    # Generate new hash with new salt
+    new_hash, new_salt = hash_password(request.new_password)
+    # Update user
+    users[user_index]["password_hash"] = new_hash
+    users[user_index]["salt"] = new_salt
     # Save config
     save_config(config)
+    # Add activity log
+    add_activity_log(config, username, "CHANGE_PASSWORD", "user", username, username, "Password changed")
+    save_config(config)
     log(f"✅ Password changed for user '{username}'")
     return {"success": True, "message": "Password changed successfully"}