def valid_user_auth(password_from_request, user):
password_is_valid = checkpw(password_from_request, user.password)
too_many_failed_logins = user.failed_login_count > current_app.config['MAX_FAILED_LOGIN_COUNT']
if password_is_valid and user.active and not too_many_failed_logins:
return True
return False
def test_should_check_password():
password = "******"
password_hash = hashpw(password)
assert checkpw(password, password_hash) is True
def test_should_check_invalid_password():
password = "******"
password_hash = hashpw(password)
assert checkpw("not my password", password_hash) is False