Add password hashing

app.py

@@ -11,6 +11,11 @@ from database.models import User
 app = Flask(__name__)
 
 app.debug = True if "DEBUG" in environ and environ["DEBUG"] else False
+app.config["SECRET_KEY"] = "_" if "SECRET_KEY" not in environ else environ["SECRET_KEY"]
+app.config["SECURITY_PASSWORD_SALT"] = app.config["SECRET_KEY"]
+
+user_datastore = get_user_datastore()
+security = Security(app, user_datastore)
 
 app.add_url_rule(
     '/graphql',
@@ -21,7 +26,6 @@ app.add_url_rule(
     )
 )
 
-user_datastore = get_user_datastore()
 
 @app.teardown_appcontext
 def shutdown_session(exception=None):

database/schema.py

@@ -3,6 +3,7 @@ from graphene import relay
 from graphene_sqlalchemy import SQLAlchemyObjectType, SQLAlchemyConnectionField
 from database.models import User as UserModel, Application as ApplicationModel, Role as RoleModel
 from database.database import db_session, get_user_datastore
+from flask_security.utils import hash_password
 
 user_datastore = get_user_datastore()
 
@@ -21,7 +22,9 @@ class UserMutation(graphene.Mutation):
     user = graphene.Field(User)
 
     def mutate(self, info, username, password, email):
-        user = user_datastore.create_user(username=username, email=email, password=password)
+        user = user_datastore.create_user(username=username,
+                                          email=email,
+                                          password=hash_password(password))
         user_datastore.commit()
         return UserMutation(user=user)
 

requirements.txt

@@ -4,3 +4,4 @@ flask-sqlalchemy
 flask-security
 graphene_sqlalchemy
 Flask-GraphQL
+bcrypt