Refactor password hashing to use a constant PEPPER variable (#11)

Refactor password hashing to use a constant PEPPER variable for ease of use
0-C-E · Nov 20, 2024 · a2b43c2 · a2b43c2
1 parent 59b8f7a
commit a2b43c2
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/routes/authentication.py b/routes/authentication.py
@@ -14,12 +14,12 @@
 
 authentication_blueprint = Blueprint("authentication", __name__)
 ph = PasswordHasher()
+PEPPER = os.getenv("PEPPER", "SuperSecretPepper").encode("utf-8")
 
 
 def hash_password_with_salt_and_pepper(password: str) -> tuple[str, bytes]:
     salt = os.urandom(16)
-    pepper = os.getenv("PEPPER", "SuperSecretPepper").encode("utf-8")
-    seasoned_password = password.encode("utf-8") + salt + pepper
+    seasoned_password = password.encode("utf-8") + salt + PEPPER
     return ph.hash(seasoned_password), salt
 
 
@@ -93,8 +93,7 @@ def login():
         player_id = player["player_id"]
         stored_password = player["hashed_password"]
         salt = player["salt"]
-        pepper = os.getenv("PEPPER").encode("utf-8")
-        seasoned_password = password.encode("utf-8") + salt + pepper
+        seasoned_password = password.encode("utf-8") + salt + PEPPER
 
         try:
             ph.verify(stored_password, seasoned_password)