Merge pull request #223 from ahtik/issue-verify_password

verify_password in 1.7.0 was no longer behaving like in 1.6.9

flask_security/utils.py

@@ -111,7 +111,10 @@ def verify_password(password, password_hash):
     :param password: A plaintext password to verify
     :param password_hash: The expected hash value of the password (usually form your database)
     """
-    return _pwd_context.verify(encrypt_password(password), password_hash)
+    if _security.password_hash != 'plaintext':
+        password = get_hmac(password)
+
+    return _pwd_context.verify(password, password_hash)
 
 
 def verify_and_update_password(password, user):

tests/configured_tests.py

@@ -20,6 +20,19 @@ from flask_security.signals import user_registered
 from tests import SecurityTest
 
 
+class PasswordVerifyEncryptTests(SecurityTest):
+
+    AUTH_CONFIG = {
+        'SECURITY_PASSWORD_HASH': 'bcrypt',
+        'SECURITY_PASSWORD_SALT': '89gf828uiguiu23ju2'
+    }
+
+    def test_verify_password_bcrypt(self):
+        from flask_security.utils import verify_password, encrypt_password
+        with self.app.app_context():
+            self.assertTrue(verify_password('custompassword', encrypt_password('custompassword')))
+
+
 class ConfiguredPasswordHashSecurityTests(SecurityTest):
 
     AUTH_CONFIG = {