From a30f242cc8ea292cdb1a04e83096c9dc9eeedf40 Mon Sep 17 00:00:00 2001
From: absurdo
Date: Wed, 24 Jan 2024 00:31:20 +0100
Subject: [PATCH] Making compatible with deprecation of crypt module in python
---
 .../libraries/db/extrafields/passwordfield.py | 20 ++++++++++--
 paramecio2/modules/admin/app.py | 31 ++++++++++++++++++-
 setup.py | 2 +-
 3 files changed, 48 insertions(+), 5 deletions(-)
diff --git a/paramecio2/libraries/db/extrafields/passwordfield.py b/paramecio2/libraries/db/extrafields/passwordfield.py
index 2e76aa9..19957ee 100644
--- a/paramecio2/libraries/db/extrafields/passwordfield.py
+++ b/paramecio2/libraries/db/extrafields/passwordfield.py
@@ -20,7 +20,13 @@ along with this program. If not, see .
 from paramecio2.libraries.db.corefields import PhangoField
 from paramecio2.libraries.db.coreforms import PasswordForm
 from hmac import compare_digest as compare_hash
-import crypt
+#try:
+# import crypt
+#except:
+# pass
+
+#import bcrypt
+from argon2 import PasswordHasher
 class PasswordField(PhangoField):
 """Field for check and save passwords"""
@@ -63,7 +69,10 @@ class PasswordField(PhangoField):
 #salt=crypt.mksalt(crypt.METHOD_SHA512)
 if self.encrypt_password:
- value=crypt.crypt(value)
+ #value=crypt.crypt(value)
+ ph=PasswordHasher()
+ final_value=ph.hash(value)
+ return final_value
 """
 else:
@@ -79,7 +88,12 @@ class PasswordField(PhangoField):
 def verify( password, h):
 """Static method used for verify a password save using PasswordField"""
 #return bcrypt_sha256.verify(password, h)
- return compare_hash(h, crypt.crypt(password, h))
+ #return compare_hash(h, crypt.crypt(password, h))
+ ph=PasswordHasher()
+ try:
+ return ph.verify(h, password)
+ except:
+ return False
 # Old function bcrypt
diff --git a/paramecio2/modules/admin/app.py b/paramecio2/modules/admin/app.py
index 60e1b1d..c9b5b05 100644
--- a/paramecio2/modules/admin/app.py
+++ b/paramecio2/modules/admin/app.py
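Review bot: The import hunk of paramecio2/libraries/db/extrafields/passwordfield.py leaves the old `crypt` and `bcrypt` imports behind as commented-out code (`#try:` through `#import bcrypt`), which obscures which hashing backend is actually live. Deleting those lines leaves `from argon2 import PasswordHasher` as the one visible password-hashing dependency; version control already keeps the history. After the change to `verify` in the third hunk, `compare_hash` is no longer used in the lines shown, so that import may now be dead too; the rest of the file is outside this diff.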
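Review bot: The bare `except:` in `PasswordField.verify` (third hunk of passwordfield.py) turns every failure into `False`, so a broken argon2 install, a wrong argument type or a `KeyboardInterrupt` becomes indistinguishable from a wrong password. Catch only what argon2-cffi raises for a mismatch or for a string that is not an argon2 hash: `from argon2.exceptions import VerificationError, InvalidHash` and `except (VerificationError, InvalidHash): return False`. The login fallback in app.py relies on the second case to reach legacy crypt hashes, so it is worth a comment in the docstring. `PasswordHasher()` is also constructed on each call with library defaults; a single module-level instance would make the cost parameters one reviewable choice.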
@@ -15,6 +15,13 @@ from os import path
 from paramecio2.modules.admin import admin_app, t
 from paramecio2.libraries.sendmail import SendMail
 from paramecio2.libraries.formsutils import check_csrf
+from hmac import compare_digest as compare_hash
+
+try:
+ import crypt
+ crypt_pass=True
+except:
+ crypt_pass=False
 #import gettext
 #_=pgettext(__file__)
@@ -190,6 +197,7 @@ def logout():
 def login():
 #connection=WebModel.connection()
+ new_crypt=False
 user_admin=UserAdmin(g.connection)
@@ -218,7 +226,21 @@ def login():
 if arr_user and not check_login_tries():
- if user_admin.fields['password'].verify(password, arr_user['password']):
+ # Layer compatibility with old crypt password
+
+ check_pass=user_admin.fields['password'].verify(password, arr_user['password'])
+
+ if not check_pass:
+ #check_pass=password_ok(password, arr_user['password'])
+ try:
+ check_pass=compare_hash(arr_user['password'], crypt.crypt(password, arr_user['password']))
+ new_crypt=True
+ except:
+ print('Warning: python developers deleting unix crypt module support, you cannot use sha512 passwords.')
+ check_pass=False
+ pass
+
+ if check_pass:
 if not arr_user['disabled']:
@@ -275,6 +297,13 @@ def login():
 if len(arr_update)>0:
+ if new_crypt:
+ print('Changing password for %s to argon2' % arr_user['username'])
+
+ user_admin.fields['password'].protected=False
+
+ arr_update['password']=password
+
 user_admin.set_conditions('WHERE id=%s', [arr_user['id']]).update(arr_update)
 return resp
diff --git a/setup.py b/setup.py
index 7b1da7a..3bc32e3 100644
--- a/setup.py
+++ b/setup.py
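Review bot: `crypt_pass` is assigned in the first hunk of paramecio2/modules/admin/app.py, but none of the hunks shown reads it. The login fallback calls `crypt.crypt` directly and depends on a bare `except:` to absorb the `NameError` when the module is missing. Narrow the import guard to `except ImportError:` and have the fallback test `crypt_pass` before touching `crypt`, so the missing-module case is handled explicitly rather than by accident.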
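Review bot: `new_crypt=True` in the login hunk of app.py is set whenever the legacy `crypt` comparison runs, not only when it succeeds, so the flag no longer means "this user just authenticated with an old hash". The last hunk rewrites the stored password from the submitted one on `new_crypt` alone; whether a failed attempt can reach that update depends on code outside the hunks, so the flag should be tied to the result with `new_crypt=check_pass`. The bare `except:` also hides the `NameError` from a missing `crypt` module and any error `crypt.crypt` reports for a stored argon2 string, so the deprecation warning can be printed for ordinary wrong passwords. The body of `login` starts and ends outside this hunk.

```python
if not check_pass and crypt_pass:
    # Legacy fallback: reached only when the argon2 check failed and crypt imported.
    try:
        legacy_hash=crypt.crypt(password, arr_user['password'])
    except OSError:
        # crypt(3) rejected the stored value as a setting; confirm the
        # exception type on the Python versions this project supports.
        legacy_hash=None
    if legacy_hash:
        check_pass=compare_hash(arr_user['password'], legacy_hash)
    # Migrate to argon2 only after a successful legacy match.
    new_crypt=check_pass

# … unchanged: `if check_pass:` and the rest of login …
```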
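Review bot: `user_admin.fields['password'].protected=False` in the last hunk of app.py is never set back in the lines shown, so if `protected` guards the field against writes (presumably, from its name), a later `update()` on the same model object would accept a password value as well. Restore the previous value right after the `update(arr_update)` call. The migration appears to sit under `if len(arr_update)>0:` (indentation is collapsed in this view), which would skip the rehash on a login where nothing else changed. The `print` also writes the username to stdout; a `logging` call would let operators route and audit these migrations. `login` continues outside this hunk.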
@@ -21,7 +21,7 @@ setup(name='paramecio2',
 url='https://git.cuchulu.com/paramecio/paramecio2fm/',
 packages=['paramecio2'],
 include_package_data=True,
- install_requires=['flask', 'pymysql', 'sqlalchemy', 'colorama', 'python-slugify', 'mako', 'pillow', 'arrow', 'bleach'],
+ install_requires=['flask', 'pymysql', 'sqlalchemy', 'colorama', 'python-slugify', 'mako', 'pillow', 'arrow', 'bleach', 'argon2-cffi'],
 entry_points={'console_scripts': [ 'paramecio2 = paramecio2.console:start', 'paramecio2db = paramecio2.libraries.db.dbadmin:start', 'paramecio2lang = paramecio2.libraries.check_i18n:start', ]},