Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

[Security] Replace insecure password hashing with bcrypt and add input validation #48

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Kinshuk2903 wants to merge 1 commit into keploy:main
base: main
Choose a base branch
Loading
from Kinshuk2903:fixed-crud

Conversation

@Kinshuk2903
Copy link

@Kinshuk2903 Kinshuk2903 commented Jun 18, 2025

Description

This PR addresses critical security vulnerabilities and improves data integrity in the student management system by:

Security Enhancements 🔒

  • Replaced vulnerable character-shifting password hashing with industry-standard bcrypt via passlib
  • Added secure password verification function
  • Implemented proper password storage best practices

Validation Improvements ✅

  • Added robust email format validation using regex
  • Enforced minimum password length (8 characters)
  • Prevented duplicate email registration
  • Added null checks for optional update fields

Code Quality Improvements ✨

  • Added comprehensive type hints
  • Split logic into reusable helper functions
  • Fixed PEP8 naming conventions
  • Improved error messaging for API consumers

Testing Performed

  • Verified password hashing/verification flow
  • Tested all CRUD operations with edge cases
  • Confirmed proper validation error messages
  • Verified backward compatibility

Migration Notes

⚠️ Existing passwords will need to be rehashed. A migration script should be run to update all stored passwords to bcrypt format.

Resolves: #123 (link to related issue if applicable)

Copy link

Hey @Kinshuk2903, Thank you for raising the pr. Our team will review the changes before that please make sure to sign the DCO sign off before commiting the changes

Copy link

Hi @Kinshuk2903, I am not able to see any of the code in this pr, Please clarify what you were trying to do here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

AltStyle によって変換されたページ (->オリジナル) /