Changing verify_password so it works like verify_and_update_password. Currently verify_password was not only creating a hmac hash but also encrypting (encrypt_password is first hmac-signing and then encrypting).

Removed unneccessary and wrong tests.
This commit is contained in:
Ahti Kitsik
2014-02-20 16:02:39 +02:00
parent 0268a2d568
commit 1395df334e
2 changed files with 17 additions and 1 deletions
+4 -1
View File
@@ -111,7 +111,10 @@ def verify_password(password, password_hash):
:param password: A plaintext password to verify
:param password_hash: The expected hash value of the password (usually form your database)
"""
return _pwd_context.verify(encrypt_password(password), password_hash)
if _security.password_hash != 'plaintext':
password = get_hmac(password)
return _pwd_context.verify(password, password_hash)
def verify_and_update_password(password, user):
+13
View File
@@ -20,6 +20,19 @@ from flask_security.signals import user_registered
from tests import SecurityTest
class PasswordVerifyEncryptTests(SecurityTest):
AUTH_CONFIG = {
'SECURITY_PASSWORD_HASH': 'bcrypt',
'SECURITY_PASSWORD_SALT': '89gf828uiguiu23ju2'
}
def test_verify_password_bcrypt(self):
from flask_security.utils import verify_password, encrypt_password
with self.app.app_context():
self.assertTrue(verify_password('custompassword', encrypt_password('custompassword')))
class ConfiguredPasswordHashSecurityTests(SecurityTest):
AUTH_CONFIG = {