mirror of
https://github.com/wassname/flask-security.git
synced 2026-07-14 01:10:34 +08:00
do not break API. add a new function to verify and update password
This commit is contained in:
@@ -67,7 +67,7 @@ def _check_http_auth():
|
||||
auth = request.authorization or dict(username=None, password=None)
|
||||
user = _security.datastore.find_user(email=auth.username)
|
||||
|
||||
if user and utils.verify_password(auth.password, user):
|
||||
if user and utils.verify_and_update_password(auth.password, user):
|
||||
_security.datastore.commit()
|
||||
app = current_app._get_current_object()
|
||||
identity_changed.send(app, identity=Identity(user.id))
|
||||
|
||||
@@ -16,7 +16,7 @@ from flask.ext.wtf import Form as BaseForm, TextField, PasswordField, \
|
||||
from werkzeug.local import LocalProxy
|
||||
|
||||
from .confirmable import requires_confirmation
|
||||
from .utils import verify_password, get_message
|
||||
from .utils import verify_and_update_password, get_message
|
||||
|
||||
# Convenient reference
|
||||
_datastore = LocalProxy(lambda: current_app.extensions['security'].datastore)
|
||||
@@ -162,7 +162,7 @@ class LoginForm(Form, NextFormMixin):
|
||||
if self.user is None:
|
||||
self.email.errors.append('Specified user does not exist')
|
||||
return False
|
||||
if not verify_password(self.password.data, self.user):
|
||||
if not verify_and_update_password(self.password.data, self.user):
|
||||
self.password.errors.append('Invalid password')
|
||||
return False
|
||||
if requires_confirmation(self.user):
|
||||
|
||||
@@ -82,12 +82,16 @@ def get_hmac(password):
|
||||
return base64.b64encode(h.digest())
|
||||
|
||||
|
||||
def verify_password(password, user):
|
||||
verify, new_password = _pwd_context.verify_and_update(get_hmac(password), user.password)
|
||||
if verify and new_password:
|
||||
def verify_password(password, password_hash):
|
||||
return _pwd_context.verify(get_hmac(password), password_hash)
|
||||
|
||||
|
||||
def verify_and_update_password(password, user):
|
||||
verified, new_password = _pwd_context.verify_and_update(get_hmac(password), user.password)
|
||||
if verified and new_password:
|
||||
user.password = new_password
|
||||
_datastore.put(user)
|
||||
return verify
|
||||
return verified
|
||||
|
||||
|
||||
def encrypt_password(password):
|
||||
|
||||
Reference in New Issue
Block a user