verifying password with hash on the backend to make sure we don't decrypt garbage and also to make sure that everything is encrypted with same password/key

src/app.py

@@ -1,6 +1,7 @@
 import os
 
-import bcrypt
+import binascii
+import scrypt
 import configparser
 from flask import Flask, request, send_from_directory
 from flask import render_template, redirect
@@ -11,6 +12,7 @@ from notes_api import notes_api
 from sql import connect
 from tree_api import tree_api
 from notes_move_api import notes_move_api
+from password_api import password_api
 
 config = configparser.ConfigParser()
 config.read('config.ini')
@@ -20,6 +22,7 @@ app.secret_key = config['Security']['flaskSecretKey']
 app.register_blueprint(tree_api)
 app.register_blueprint(notes_api)
 app.register_blueprint(notes_move_api)
+app.register_blueprint(password_api)
 
 class User(UserMixin):
     pass
@@ -53,11 +56,26 @@ connect(documentPath)
 
 hashedPassword = config['Login']['password-hash'].encode('utf-8')
 
+
+def verify_password(hex_hashed_password, guessed_password):
+    hashed_password = binascii.unhexlify(hex_hashed_password)
+
+    salt = "dc73b57736511340f132e4b5521d178afa6311c45e0c25e6a9339038507852a6"
+
+    hashed = scrypt.hash(password=guessed_password,
+                         salt=salt,
+                         N=16384,
+                         r=16,
+                         p=1,
+                         buflen=32)
+
+    return hashed == hashed_password
+
 @app.route('/login', methods=['POST'])
 def login_post():
     inputPassword = request.form['password'].encode('utf-8')
 
-    if request.form['username'] == user.id and bcrypt.hashpw(inputPassword, hashedPassword) == hashedPassword:
+    if request.form['username'] == user.id and verify_password(hashedPassword, inputPassword):
         rememberMe = True if 'remember-me' in request.form else False
 
         login_user(user, remember=rememberMe)