apache
diff --git a/‎actions/Taskfile.yml‎
Lines changed: 1 addition & 1 deletion b/‎actions/Taskfile.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎actions/login/__main__.py‎
Lines changed: 8 additions & 4 deletions b/‎actions/login/__main__.py‎
Lines changed: 8 additions & 4 deletions
diff --git a/‎deploy/nuvolaris-permissions/openwhisk-runtimes-cm.yaml‎
Lines changed: 1 addition & 1 deletion b/‎deploy/nuvolaris-permissions/openwhisk-runtimes-cm.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎nuvolaris/bcrypt_util.py‎
Lines changed: 47 additions & 0 deletions b/‎nuvolaris/bcrypt_util.py‎
Lines changed: 47 additions & 0 deletions
diff --git a/‎nuvolaris/nuvolaris_metadata.py‎
Lines changed: 9 additions & 1 deletion b/‎nuvolaris/nuvolaris_metadata.py‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎nuvolaris/operator_util.py‎
Lines changed: 1 addition & 1 deletion b/‎nuvolaris/operator_util.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎nuvolaris/user_metadata.py‎
Lines changed: 10 additions & 2 deletions b/‎nuvolaris/user_metadata.py‎
Lines changed: 10 additions & 2 deletions
diff --git a/‎nuvolaris/userdb_util.py‎
Lines changed: 46 additions & 40 deletions b/‎nuvolaris/userdb_util.py‎
Lines changed: 46 additions & 40 deletions
diff --git a/‎poetry.lock‎
Lines changed: 39 additions & 1 deletion b/‎poetry.lock‎
Lines changed: 39 additions & 1 deletion
diff --git a/‎pyproject.toml‎
Lines changed: 1 addition & 0 deletions b/‎pyproject.toml‎
Lines changed: 1 addition & 0 deletions
@@ -73,7 +73,7 @@ tasks:
   login:prepare:
     - |- 
       mkdir -p login/nuvolaris
-      cp ../nuvolaris/config.py ../nuvolaris/couchdb_util.py login/nuvolaris
+      cp ../nuvolaris/config.py ../nuvolaris/couchdb_util.py ../nuvolaris/bcrypt_util.py login/nuvolaris
     - |-
       cd login
       rm  -f ../{{.DEPLOY}}/login.zip
 
@@ -16,9 +16,12 @@
 # under the License.
 #
 
+import json
+import logging
+
+import nuvolaris.bcrypt_util as bu
 import nuvolaris.config as cfg
 import nuvolaris.couchdb_util as cu
-import logging, json
 
 USER_META_DBN = "users_metadata"
 
@@ -79,14 +82,15 @@ def main(args):
     cfg.put("couchdb.admin.user", args['couchdb_user'])
     cfg.put("couchdb.admin.password", args['couchdb_password'])
 
-    if('login' in args and 'password' in args):
+    if 'login' in args and 'password' in args:
         db = cu.CouchDB()
         login = args['login']
         password = args['password']
         user_data = fetch_user_data(db,login)
 
-        if(user_data):
-            if(password == user_data['password']):
+        if user_data:
+            if bu.verify_password(password, user_data['password']):
+            # if(password == user_data['password']):
                 return build_response(map_data(user_data))
             else:
                 return build_error(f"password mismatch for user {login}")
 
@@ -101,7 +101,7 @@ data:
                     "image": {
                         "prefix": "apache",
                         "name": "openserverless-runtime-python",
-                        "tag": "v3.12-2409142109"
+                        "tag": "v3.12-2501141314"
                     },
                     "deprecated": false,
                     "attached": {
 
@@ -0,0 +1,47 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+import bcrypt
+
+def hash_password(password: str) -> str:
+    """
+    Apply bcrypt hash algorithm to password.
+
+    Args:
+        password (str): Password to hash
+
+    Returns:
+        str: Hashed password
+    """
+    password_bytes = password.encode('utf-8')
+    salt = bcrypt.gensalt()
+    hashed_password = bcrypt.hashpw(password_bytes, salt)
+    return hashed_password.decode('utf-8')
+
+def verify_password(password: str, hashed_password: str) -> bool:
+    """
+    Verify if hashed password matches password.
+
+    Args:
+        password (str): The plain password to verify
+        hashed_password (str): The saved hashed password
+
+    Returns:
+        bool: True if hashed password matches password. False otherwise
+    """
+    return bcrypt.checkpw(password.encode('utf-8'), hashed_password.encode('utf-8'))
+
@@ -17,16 +17,24 @@
 #
 import json
 import logging
+from datetime import datetime
+
+import nuvolaris.bcrypt_util as bu
 import nuvolaris.config as cfg
 import nuvolaris.util as util
 
+
 class NuvolarisMetadata:
     _data = {}
 
     def __init__(self):
+        password = cfg.get('nuvolaris.password') or "nuvpassw0rd"
+        salted_password = bu.hash_password(password)
+
         self._data = {
             "login":"nuvolaris",
-            "password":cfg.get('nuvolaris.password') or "nuvpassw0rd",
+            "password":salted_password,
+            "password_timestamp": datetime.now().isoformat(),
             "email":cfg.get('nuvolaris.email') or "[email protected]",
             "metadata":[]            
         }
 
@@ -104,7 +104,7 @@ def config_from_spec(spec, handler_type = "on_create"):
     """
     Initialize the global configuration from the given spec.
     :param spec 
-    :param on_resume boolen flag telling if thsi method is called from the on_resume handler
+    :param on_resume boolean flag telling if this method is called from the on_resume handler
     """
     cfg.clean()
     cfg.configure(spec)
 
@@ -17,17 +17,25 @@
 #
 import json
 import logging
-import nuvolaris.util as util
+from datetime import datetime
 
+import nuvolaris.bcrypt_util as bu
+import nuvolaris.util as util
 from nuvolaris.user_config import UserConfig
 
+
 class UserMetadata:
     _data = {}
 
     def __init__(self, ucfg: UserConfig):
+
+        password = ucfg.get('password')
+        salted_password = bu.hash_password(password)
+
         self._data = {
             "login":ucfg.get('namespace'),
-            "password":ucfg.get('password'),
+            "password":salted_password,
+            "password_timestamp": datetime.now().isoformat(),
             "email":ucfg.get('email'),
             "metadata":[],
             "quota":[]
 
@@ -15,26 +15,28 @@
 # specific language governing permissions and limitations
 # under the License.
 #
-import logging, json
-import nuvolaris.config as cfg
+import json
+import logging
+
 import nuvolaris.couchdb as cdb
 import nuvolaris.couchdb_util as couchdb_util
-import nuvolaris.user_config as user_config
 import nuvolaris.util as util
-import nuvolaris.mongodb as mdb
-from nuvolaris.user_metadata import UserMetadata
 from nuvolaris.nuvolaris_metadata import NuvolarisMetadata
-
+from nuvolaris.user_metadata import UserMetadata
+import nuvolaris.bcrypt_util as bu
 USER_META_DBN = "users_metadata"
 
+
 def _add_metadata(db, metadata):
     """
     Add a new Openwhisk User metadata entry     
     """
     res = util.check(db.wait_db_ready(60), "wait_db_ready", True)
-    return util.check(cdb.update_templated_doc(db, USER_META_DBN, "user_metadata.json", metadata), f"add_metadata {metadata['login']}", res)
-    
-def save_user_metadata(user_metadata:UserMetadata):
+    return util.check(cdb.update_templated_doc(db, USER_META_DBN, "user_metadata.json", metadata),
+                      f"add_metadata {metadata['login']}", res)
+
+
+def save_user_metadata(user_metadata: UserMetadata):
     """
     Add a generic user metadata into the internal CouchDB 
     """
@@ -48,7 +50,8 @@ def save_user_metadata(user_metadata:UserMetadata):
         logging.error(f"failed to store Nuvolaris metadata for {metadata['login']}. Cause: {e}")
         return None
 
-def save_nuvolaris_metadata(nuvolaris_metadata:NuvolarisMetadata):
+
+def save_nuvolaris_metadata(nuvolaris_metadata: NuvolarisMetadata):
     """
     Add nuvolaris user metadata into the internal CouchDB 
     """
@@ -60,69 +63,72 @@ def save_nuvolaris_metadata(nuvolaris_metadata:NuvolarisMetadata):
         return _add_metadata(db, metadata)
     except Exception as e:
         logging.error(f"failed to store Nuvolaris metadata for {metadata['login']}. Cause: {e}")
-        return None        
+        return None
+
 
 def delete_user_metadata(login):
     logging.info(f"removing Nuvolaris metadata for user {login}")
 
     try:
         db = couchdb_util.CouchDB()
-        selector = {"selector":{"login": {"$eq": login }}}
+        selector = {"selector": {"login": {"$eq": login}}}
         response = db.find_doc(USER_META_DBN, json.dumps(selector))
 
-        if(response['docs']):
-                docs = list(response['docs'])
-                if(len(docs) > 0):
-                    doc = docs[0]
-                    logging.info(f"removing user metadata documents {doc['_id']}")
-                    return db.delete_doc(USER_META_DBN,doc['_id'])
-        
+        if (response['docs']):
+            docs = list(response['docs'])
+            if (len(docs) > 0):
+                doc = docs[0]
+                logging.info(f"removing user metadata documents {doc['_id']}")
+                return db.delete_doc(USER_META_DBN, doc['_id'])
+
         logging.warn(f"Nuvolaris metadata for user {login} not found!")
         return None
     except Exception as e:
         logging.error(f"failed to remove Nuvolaris metadata for user {login}. Reason: {e}")
         return None
 
+
 def update_user_metadata_password(login, password):
     logging.info(f"updating Nuvolaris password for user {login}")
 
     try:
         db = couchdb_util.CouchDB()
-        selector = {"selector":{"login": {"$eq": login }}}
+        selector = {"selector": {"login": {"$eq": login}}}
         response = db.find_doc(USER_META_DBN, json.dumps(selector))
 
-        if(response['docs']):
-                docs = list(response['docs'])
-                if(len(docs) > 0):
-                    doc = docs[0]
-                    logging.info(f"updating user credentials {doc['_id']}")
-                    doc['password']=password
-                    return db.update_doc(USER_META_DBN,doc)
-        
+        if (response['docs']):
+            docs = list(response['docs'])
+            if (len(docs) > 0):
+                doc = docs[0]
+                logging.info(f"updating user credentials {doc['_id']}")
+                doc['password'] = bu.hash_password(password)
+                return db.update_doc(USER_META_DBN, doc)
+
         logging.warn(f"Nuvolaris metadata for user {login} not found!")
         return None
     except Exception as e:
         logging.error(f"failed to update credentials for quota Nuvolaris user {login}. Reason: {e}")
-        return None 
+        return None
+
 
-def update_user_metadata_quota(login, quota:list):
+def update_user_metadata_quota(login, quota: list):
     logging.info(f"updating Nuvolaris quota for user {login}")
 
     try:
         db = couchdb_util.CouchDB()
-        selector = {"selector":{"login": {"$eq": login }}}
+        selector = {"selector": {"login": {"$eq": login}}}
         response = db.find_doc(USER_META_DBN, json.dumps(selector))
 
-        if(response['docs']):
-                docs = list(response['docs'])
-                if(len(docs) > 0):
-                    doc = docs[0]
-                    logging.info(f"updating user quota {doc['_id']}")
-                    doc['quota']=quota
-                    return db.update_doc(USER_META_DBN,doc)
-        
+        if (response['docs']):
+            docs = list(response['docs'])
+            if (len(docs) > 0):
+                doc = docs[0]
+                logging.info(f"updating user quota {doc['_id']}")
+                doc['quota'] = quota
+                return db.update_doc(USER_META_DBN, doc)
+
         logging.warn(f"Nuvolaris metadata for user {login} not found!")
         return None
     except Exception as e:
         logging.error(f"failed to update quota for Nuvolaris user {login}. Reason: {e}")
-        return None               
+        return None
@@ -35,6 +35,7 @@ backoff = "^2.2.1"
 psycopg-binary = "^3.1.18"
 psycopg = "^3.1.18"
 redis = "^5.0.4"
+bcrypt = "^4.2.1"
 
 [tool.poetry.dev-dependencies]
 ipython = "^7.31.0"