From 1395df334e0a9d008e5219f9cfad97540edbf79a Mon Sep 17 00:00:00 2001
From: Ahti Kitsik
Date: Thu, 20 Feb 2014 16:02:39 +0200
Subject: [PATCH] Changing verify_password so it works like verify_and_update_password. Currently verify_password was not only creating a hmac hash but also encrypting (encrypt_password is first hmac-signing and then encrypting). Removed unneccessary and wrong tests.
---
 flask_security/utils.py | 5 ++++-
 tests/configured_tests.py | 13 +++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/flask_security/utils.py b/flask_security/utils.py
index 57d7e28..794cad0 100644
--- a/flask_security/utils.py
+++ b/flask_security/utils.py
@@ -111,7 +111,10 @@ def verify_password(password, password_hash):
 :param password: A plaintext password to verify
 :param password_hash: The expected hash value of the password (usually form your database)
 """
- return _pwd_context.verify(encrypt_password(password), password_hash)
+ if _security.password_hash != 'plaintext':
+ password = get_hmac(password)
+
+ return _pwd_context.verify(password, password_hash)
 def verify_and_update_password(password, user):
diff --git a/tests/configured_tests.py b/tests/configured_tests.py
index 32d7b90..f0af0c4 100644
--- a/tests/configured_tests.py
+++ b/tests/configured_tests.py
@@ -20,6 +20,19 @@ from flask_security.signals import user_registered
 from tests import SecurityTest
+class PasswordVerifyEncryptTests(SecurityTest):
+
+ AUTH_CONFIG = {
+ 'SECURITY_PASSWORD_HASH': 'bcrypt',
+ 'SECURITY_PASSWORD_SALT': '89gf828uiguiu23ju2'
+ }
+
+ def test_verify_password_bcrypt(self):
+ from flask_security.utils import verify_password, encrypt_password
+ with self.app.app_context():
+ self.assertTrue(verify_password('custompassword', encrypt_password('custompassword')))
+
+
 class ConfiguredPasswordHashSecurityTests(SecurityTest):
 AUTH_CONFIG = {
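Review bot: The `'plaintext'` check and `get_hmac` call added to verify_password repeat a pre-hash step that, judging by the commit message, encrypt_password and verify_and_update_password also perform, and nothing in this hunk keeps the three in step. A later change to only one of them would either make every verification fail or compare against a differently derived secret. I would add a comment above the new `if`, `# Must apply the same pre-hash step as encrypt_password, or no stored hash will ever verify.`, and ideally move the branch into one private helper that all three functions call. The docstring, which starts above this hunk, should also say that the password is HMAC-signed before verification unless the scheme is plaintext.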
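Review bot: test_verify_password_bcrypt asserts only the accepting path, so it would still pass if verify_password returned True for every input. Add the rejecting case next to it, `self.assertFalse(verify_password('wrongpassword', encrypt_password('custompassword')))`. A second test class configured with `'SECURITY_PASSWORD_HASH': 'plaintext'` would also be worth having, since the new branch in verify_password treats that scheme differently and this test does not exercise it.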