diff --git a/app.py b/app.py
index e4750d3404e92a6780a7ff721761ecefff236a5e..d87831047101e75d5369be2ce4b977fd84a3786c 100644
--- a/app.py
+++ b/app.py
@@ -11,6 +11,11 @@ from database.models import User
 app = Flask(__name__)
 app.debug = True if "DEBUG" in environ and environ["DEBUG"] else False
+app.config["SECRET_KEY"] = "_" if "SECRET_KEY" not in environ else environ["SECRET_KEY"]
+app.config["SECURITY_PASSWORD_SALT"] = app.config["SECRET_KEY"]
+
+user_datastore = get_user_datastore()
+security = Security(app, user_datastore)
 app.add_url_rule(
 '/graphql',
@@ -21,7 +26,6 @@ app.add_url_rule(
 )
 )
-user_datastore = get_user_datastore()
 @app.teardown_appcontext
 def shutdown_session(exception=None):
diff --git a/database/schema.py b/database/schema.py
index d0e2ba74fdeb0fdc37d2d7e4f9eeb3a058b68e30..79f72bdb5d7beb9d92e084f8dccfef46bffe2639 100644
--- a/database/schema.py
+++ b/database/schema.py
@@ -3,6 +3,7 @@ from graphene import relay
 from graphene_sqlalchemy import SQLAlchemyObjectType, SQLAlchemyConnectionField
 from database.models import User as UserModel, Application as ApplicationModel, Role as RoleModel
 from database.database import db_session, get_user_datastore
+from flask_security.utils import hash_password
 user_datastore = get_user_datastore()
@@ -21,7 +22,9 @@ class UserMutation(graphene.Mutation):
 user = graphene.Field(User)
 def mutate(self, info, username, password, email):
- user = user_datastore.create_user(username=username, email=email, password=password)
+ user = user_datastore.create_user(username=username,
+ email=email,
+ password=hash_password(password))
 user_datastore.commit()
 return UserMutation(user=user)
diff --git a/requirements.txt b/requirements.txt
index 18fe452d8710db8caf6994633b7a74c0b00b7afc..c94686f8b4433f7d16230a06da4c46b87f21008f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,3 +4,4 @@ flask-sqlalchemy
 flask-security
 graphene_sqlalchemy
 Flask-GraphQL
+bcrypt
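Review bot: In the first app.py hunk, the `SECRET_KEY` line falls back to the literal `"_"` whenever the environment variable is unset, so a deployment that forgets to set it signs sessions and Flask-Security tokens with a key that anyone reading this repository knows. The app should refuse to start instead, e.g. `app.config["SECRET_KEY"] = environ["SECRET_KEY"]`. `SECURITY_PASSWORD_SALT` is then set to the same value; Flask-Security appears to mix this salt into the password before hashing, so rotating `SECRET_KEY` would likely invalidate every stored password. Read it from its own variable, `app.config["SECURITY_PASSWORD_SALT"] = environ["SECURITY_PASSWORD_SALT"]`. The import of `Security` is not visible in this hunk, so confirm it is already imported above line 11.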
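Review bot: In database/schema.py, `mutate` now hashes only newly created accounts, so rows written before this change still hold the raw `password` value and will presumably stop verifying once comparisons run against a hash; a one-off migration or forced reset should ship with this commit. `hash_password(password)` also accepts any string, including an empty one, so a guard such as `if not password: raise GraphQLError("password required")` before the call would help. `UserMutation` and the `User` type it returns are defined above the hunk; if `User` maps every `UserModel` column, the stored hash becomes queryable through GraphQL and the password column should be excluded from that type.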
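Review bot: In requirements.txt, `bcrypt` is added without a version constraint, like the other entries in the file, so each install resolves whatever release is current and the password-hashing backend can change without review. Pin it, e.g. `bcrypt==<reviewed version>`, and ideally install from a generated lock file with pip's `--require-hashes`.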