diff --git a/flask_security/core.py b/flask_security/core.py
index 4019d1c..65f8518 100644
--- a/flask_security/core.py
+++ b/flask_security/core.py
@@ -378,9 +378,7 @@ class AuthenticationProvider(object):
 raise exceptions.ConfirmationError('Email requires confirmation.', user)
 # compare passwords
- if verify_password(password, user.password,
- salt=_security.password_salt,
- use_hmac=_security.password_hmac):
+ if verify_password(password, user.password):
 return user
 # bad match
diff --git a/flask_security/datastore.py b/flask_security/datastore.py
index 0ba376b..6cf4ede 100644
--- a/flask_security/datastore.py
+++ b/flask_security/datastore.py
@@ -95,9 +95,7 @@ class UserDatastore(object):
 pw = kwargs['password']
 if not pwd_context.identify(pw):
- pwd_hash = utils.encrypt_password(pw,
- salt=_security.password_salt,
- use_hmac=_security.password_hmac)
+ pwd_hash = utils.encrypt_password(pw)
 kwargs['password'] = pwd_hash
 return kwargs
diff --git a/flask_security/decorators.py b/flask_security/decorators.py
index 7a163f2..66255c7 100644
--- a/flask_security/decorators.py
+++ b/flask_security/decorators.py
@@ -69,9 +69,7 @@ def _check_http_auth():
 try:
 user = _security.datastore.find_user(email=auth.username)
- if utils.verify_password(auth.password, user.password,
- salt=_security.password_salt,
- use_hmac=_security.password_hmac):
+ if utils.verify_password(auth.password, user.password):
 identity_changed.send(current_app._get_current_object(), identity=Identity(user.id))
 return True
diff --git a/flask_security/recoverable.py b/flask_security/recoverable.py
index d472fc2..54ab50f 100644
--- a/flask_security/recoverable.py
+++ b/flask_security/recoverable.py
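Review bot: The new `if utils.verify_password(auth.password, user.password):` in _check_http_auth still reads `user.password` before confirming that find_user returned a user, so an unknown username raises AttributeError instead of reaching the hash comparison; the except clause that presumably absorbs it lies outside the hunk. Beyond being implicit, this makes the unknown-user path return measurably faster than the wrong-password path, which a defender would rather not expose on an authentication endpoint. I would make the miss explicit, `if user is None: return False`, placed before the verify call, and consider running the same password check against a throwaway hash on that path so both outcomes cost roughly the same. The function starts and ends outside this hunk, so the early return may need adjusting to whatever the surrounding handler expects.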
@@ -79,9 +79,7 @@ def reset_by_token(token, password):
 data = serializer.loads(token, max_age=max_age)
 user = _datastore.find_user(id=data[0])
- user.password = encrypt_password(password,
- salt=_security.password_salt,
- use_hmac=_security.password_hmac)
+ user.password = encrypt_password(password)
 _datastore._save_model(user)
 send_password_reset_notice(user)
diff --git a/flask_security/utils.py b/flask_security/utils.py
index 6e34534..c0935e6 100644
--- a/flask_security/utils.py
+++ b/flask_security/utils.py
@@ -85,12 +85,18 @@ def get_hmac(msg, salt=None, digestmod=None):
 return base64.b64encode(hmac.new(salt, msg, digestmod).digest())
- def verify_password(password, password_hash, salt=None, use_hmac=False):
+ def verify_password(password, password_hash, salt=None, use_hmac=None):
+ salt = salt or _security.password_salt
+ if use_hmac is None:
+ use_hmac = _security.password_hmac
 hmac_value = get_hmac(password, salt) if use_hmac else password
 return _pwd_context.verify(hmac_value, password_hash)
- def encrypt_password(password, salt=None, use_hmac=False):
+ def encrypt_password(password, salt=None, use_hmac=None):
+ salt = salt or _security.password_salt
+ if use_hmac is None:
+ use_hmac = _security.password_hmac
 hmac_value = get_hmac(password, salt) if use_hmac else password
 return _pwd_context.encrypt(hmac_value)
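Review bot: `salt = salt or _security.password_salt` in both verify_password and encrypt_password treats any falsy salt as "use the configured one", which is inconsistent with the `use_hmac is None` test two lines below and means a deliberately empty salt is silently replaced; `if salt is None: salt = _security.password_salt` keeps the two defaults symmetric. When use_hmac resolves to True and neither the argument nor `_security.password_salt` supplies a key, the call falls through to `hmac.new(salt, ...)` in get_hmac with `None`, and failing there is less clear than checking up front with `if use_hmac and not salt: raise ValueError('a salt is required when password HMAC is enabled')`. Because both helpers now read `_security` at call time, they appear to need an active application context where the previous explicit keyword arguments did not, and a stored hash only verifies if `_security.password_hmac` and the salt are the same at verify time as they were at encrypt time; both points belong in a docstring on each function, e.g. `"""Hash password for storage. salt/use_hmac default to _security.password_salt and _security.password_hmac; changing either invalidates existing hashes."""`.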