do not break API. add a new function to verify and update password

This commit is contained in:
Christophe Simonis
2013-01-08 01:01:02 +01:00
parent d0497fc886
commit a89b76d648
3 changed files with 11 additions and 7 deletions
+1 -1
View File
@@ -67,7 +67,7 @@ def _check_http_auth():
auth = request.authorization or dict(username=None, password=None)
user = _security.datastore.find_user(email=auth.username)
if user and utils.verify_password(auth.password, user):
if user and utils.verify_and_update_password(auth.password, user):
_security.datastore.commit()
app = current_app._get_current_object()
identity_changed.send(app, identity=Identity(user.id))
+2 -2
View File
@@ -16,7 +16,7 @@ from flask.ext.wtf import Form as BaseForm, TextField, PasswordField, \
from werkzeug.local import LocalProxy
from .confirmable import requires_confirmation
from .utils import verify_password, get_message
from .utils import verify_and_update_password, get_message
# Convenient reference
_datastore = LocalProxy(lambda: current_app.extensions['security'].datastore)
@@ -162,7 +162,7 @@ class LoginForm(Form, NextFormMixin):
if self.user is None:
self.email.errors.append('Specified user does not exist')
return False
if not verify_password(self.password.data, self.user):
if not verify_and_update_password(self.password.data, self.user):
self.password.errors.append('Invalid password')
return False
if requires_confirmation(self.user):
+8 -4
View File
@@ -82,12 +82,16 @@ def get_hmac(password):
return base64.b64encode(h.digest())
def verify_password(password, user):
verify, new_password = _pwd_context.verify_and_update(get_hmac(password), user.password)
if verify and new_password:
def verify_password(password, password_hash):
return _pwd_context.verify(get_hmac(password), password_hash)
def verify_and_update_password(password, user):
verified, new_password = _pwd_context.verify_and_update(get_hmac(password), user.password)
if verified and new_password:
user.password = new_password
_datastore.put(user)
return verify
return verified
def encrypt_password(password):