예제 #1
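    async def authenticate(self, email, password):
        """Return the user registered under ``email`` when ``password`` verifies.

        The user is fetched by e-mail through ``self.request.app.objects`` and
        the supplied password is checked against the stored encoded value.

        Raises:
            AuthenticationFailedError: the password did not verify.
        """
        # NOTE(review): a missing user is not handled here; whatever
        # objects.get() does for "no match" propagates to the caller - confirm.
        user = await self.request.app.objects.get(User, User.email == email)

        outcome = PBKDF2PasswordHasher().verify(password, encoded=user.password)
        # verify() may hand back a (verified, message) pair rather than a bare
        # bool. A non-empty tuple is always truthy, so testing the raw result
        # would accept every password; look at the flag itself.
        verified = outcome[0] if isinstance(outcome, tuple) else outcome
        if not verified:
            logger.error("Password didn't verify with encoded version (email: [%s])", email)
            raise AuthenticationFailedError

        return user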
예제 #2
def test_password_encode():
    """Check the layout of a password encoded with a caller-supplied salt.

    The encoded value must split on "$" into exactly four fields. The salt and
    algorithm fields are compared with known values, and the last field must
    differ from the raw password.
    """
    raw_secret = uuid.uuid4().hex
    # The salt is fixed here only so the test can assert on it.
    encoded = PBKDF2PasswordHasher().encode(raw_secret, salt="test_salt")

    # maxsplit=3 keeps any further "$" inside the final field.
    fields = encoded.split("$", 3)
    algorithm, _iterations, salt, digest = fields

    assert salt == "test_salt"
    assert algorithm == "pbkdf2_sha256"
    assert digest != raw_secret
예제 #3
def test_password_verify__incompatible_format__fail():
    """verify() must reject a stored value that has no "$"-separated fields.

    The call is expected to return a falsy flag together with a message that
    describes the format problem, rather than raising.
    """
    expected_error = (
        "Encoded password has incompatible format: not enough values to unpack (expected 4, got 1)"
    )
    candidate = uuid.uuid4().hex

    outcome = PBKDF2PasswordHasher().verify(candidate, "fake-encoded-password")
    verified, err_message = outcome

    assert not verified
    assert err_message == expected_error
예제 #4
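    async def authenticate(self, email: str, password: str) -> User:
        """Return the active user for ``email`` when ``password`` verifies.

        Both failure paths raise the same error text, so the message on the
        exception does not tell the caller whether the e-mail is registered.
        The log lines stay distinct for operators.

        Raises:
            AuthenticationFailedError: no active user has this e-mail, or the
                password did not verify. Both use
                ``ResponseStatus.INVALID_PARAMETERS``.
        """
        user = await User.async_get(db_session=self.db_session,
                                    email=email,
                                    is_active__is=True)
        if not user:
            logger.info("Not found active user with email [%s]", email)
            # Same text as the wrong-password branch: a distinct
            # "user not found" message would let a client enumerate accounts.
            # NOTE(review): this branch still returns without doing any hash
            # work, so response timing may differ from the wrong-password
            # branch - confirm whether that matters for this endpoint.
            raise AuthenticationFailedError(
                "Email or password is invalid.",
                response_status=ResponseStatus.INVALID_PARAMETERS,
            )

        hasher = PBKDF2PasswordHasher()
        # verify() returns a (verified, message) pair; only the flag decides.
        verified, error_msg = hasher.verify(password, encoded=user.password)
        if not verified:
            logger.error("Password didn't verify: email: %s | err: %s", email,
                         error_msg)
            raise AuthenticationFailedError(
                "Email or password is invalid.",
                response_status=ResponseStatus.INVALID_PARAMETERS)

        return user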
예제 #5
 def verify_password(self, raw_password: str):
     """Check ``raw_password`` against this object's stored encoded password.

     The result of ``PBKDF2PasswordHasher.verify`` is returned unchanged.
     NOTE(review): if verify() returns a ``(verified, message)`` pair, callers
     must unpack it; a non-empty tuple is truthy even when verification
     failed, so ``if obj.verify_password(...)`` would always pass - confirm
     against the hasher.
     """
     stored = str(self.password)
     return PBKDF2PasswordHasher().verify(raw_password, encoded=stored)
예제 #6
 def make_password(cls, raw_password: str):
     """Return ``raw_password`` encoded by a fresh ``PBKDF2PasswordHasher``.

     No salt is passed, so salt selection is left to the hasher's ``encode``.
     """
     return PBKDF2PasswordHasher().encode(raw_password)
예제 #7
def test_password_verify__algorithm_mismatch__fail():
    """verify() must reject a stored value whose algorithm field is unknown.

    The stored string has four "$"-separated fields, but its first field is
    not ``pbkdf2_sha256``. The call should return a falsy flag and a message
    naming both algorithms.
    """
    foreign_encoded = "fake-algorithm$1000$salt$enc-password"
    candidate = uuid.uuid4().hex

    outcome = PBKDF2PasswordHasher().verify(candidate, foreign_encoded)
    verified, err_message = outcome

    assert not verified
    assert err_message == "Algorithm mismatch!: fake-algorithm != pbkdf2_sha256"
예제 #8
def test_password_verify__ok():
    """A password encoded by the hasher must verify against its own encoding.

    Success is reported as the pair ``(True, "")``: a true flag and an empty
    error message.
    """
    hasher = PBKDF2PasswordHasher()
    raw_secret = uuid.uuid4().hex
    # The salt is fixed only to keep the test input explicit.
    stored = hasher.encode(raw_secret, salt="test_salt")

    outcome = hasher.verify(raw_secret, stored)
    assert outcome == (True, "")
예제 #9
 def verify_password(self, raw_password: str) -> bool:
     """Return whether ``raw_password`` matches the stored encoded password.

     ``PBKDF2PasswordHasher.verify`` returns a pair; only its first element
     (the verification flag) is returned, and the second is discarded.
     """
     stored = str(self.password)
     # Unpack instead of returning the pair: a non-empty tuple is always truthy.
     is_valid, _reason = PBKDF2PasswordHasher().verify(raw_password, encoded=stored)
     return is_valid