handle password field of signup form properly, and verify altcha solution

2025-11-09 18:05:44 +00:00
parent ed6065a6ea
commit c0600f527f
2 changed files with 18 additions and 19 deletions
--- a/slopserver/models.py
+++ b/slopserver/models.py
@@ -73,8 +73,7 @@ def url_validator(urls: list[str]) -> list[ParseResult]:
    return parsed_urls
 def altcha_validator(altcha_response: AltchaPayload):
-    # verified = verify_solution(altcha_response, TEMP_HMAC_KEY)
+    verified = verify_solution(altcha_response, TEMP_HMAC_KEY)
    verified = (True, None)
    if not verified[0]:
        raise ValueError(f"altcha verification failed: {verified[1]}")
    return None
--- a/slopserver/server.py
+++ b/slopserver/server.py
@@ -134,7 +134,7 @@ async def signup_form(form_data: Annotated[SignupForm, Form()]):
        raise HTTPException(status_code=409, detail="User already exists")
    # create user
-    create_user(form_data.email, get_password_hash(form_data.password), DB_ENGINE)
+    create_user(form_data.email, get_password_hash(form_data.password.get_secret_value()), DB_ENGINE)
@app.get("/altcha-challenge")
 async def altcha_challenge():
@@ -154,24 +154,24 @@ async def simple_login(username: Annotated[str, Form()], password: Annotated[str
    token = generate_auth_token(username)
    return {"access_token": token, "token_type": "bearer"}
-@app.post("/altcha-challenge")
+# @app.post("/altcha-challenge")
-async def altcha_verify(payload: Annotated[Base64Str, AfterValidator(altcha_validator)]):
+# async def altcha_verify(payload: Annotated[Base64Str, AfterValidator(altcha_validator)]):
-    # if verified, return a JWT for anonymous API access
+#     # if verified, return a JWT for anonymous API access
-    expiration = datetime.now() + timedelta(days=30)
+#     expiration = datetime.now() + timedelta(days=30)
-    uuid = uuid4()
+#     uuid = uuid4()
-    bearer_token = {
+#     bearer_token = {
-        "iss": "slopserver",
+#         "iss": "slopserver",
-        "exp": int(expiration.timestamp()),
+#         "exp": int(expiration.timestamp()),
-        "aud": "slopserver",
+#         "aud": "slopserver",
-        "sub": str(uuid),
+#         "sub": str(uuid),
-        "client_id": str(uuid),
+#         "client_id": str(uuid),
-        "iat": int(datetime.now().timestamp()),
+#         "iat": int(datetime.now().timestamp()),
-        "jti": str(uuid)
+#         "jti": str(uuid)
-    }
+#     }
-    encoded_jwt = jwt.encode(bearer_token, TOKEN_SECRET, ALGO)
+#     encoded_jwt = jwt.encode(bearer_token, TOKEN_SECRET, ALGO)
-    return encoded_jwt
+#     return encoded_jwt