rob
/
CmdForge
1
0
Fork 0
Code Issues Pull Requests Packages Projects 1 Releases Wiki Activity

Fix password reset to use argon2 hasher 

Was using werkzeug's generate_password_hash which creates incompatible
hashes. Now uses the same argon2 password_hasher as registration/login.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
rob 2026-01-14 00:07:21 -04:00
parent eacfd0d74a
commit 155905b61e
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/cmdforge/registry/app.py
View File

@ -2531,7 +2531,6 @@ def create_app() -> Flask:
def admin_reset_password(publisher_id: int) -> Response: def admin_reset_password(publisher_id: int) -> Response:
"""Generate a temporary password for a publisher.""" """Generate a temporary password for a publisher."""
import secrets import secrets
from werkzeug.security import generate_password_hash
publisher = query_one(g.db, "SELECT * FROM publishers WHERE id = ?", [publisher_id]) publisher = query_one(g.db, "SELECT * FROM publishers WHERE id = ?", [publisher_id])
if not publisher: if not publisher:
@ -2539,7 +2538,7 @@ def create_app() -> Flask:
# Generate a temporary password # Generate a temporary password
temp_password = secrets.token_urlsafe(12) temp_password = secrets.token_urlsafe(12)
password_hash = generate_password_hash(temp_password) password_hash = password_hasher.hash(temp_password)
g.db.execute( g.db.execute(
"UPDATE publishers SET password_hash = ? WHERE id = ?", "UPDATE publishers SET password_hash = ? WHERE id = ?",