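async def authenticate(self, email, password):
    """Return the ``User`` stored under *email* if *password* verifies.

    Args:
        email: address used to look the user up.
        password: raw password supplied by the caller.

    Returns:
        The ``User`` object fetched for *email*.

    Raises:
        AuthenticationFailedError: the hasher did not accept *password*.
    """
    # NOTE(review): an unknown email is not handled here; whatever
    # objects.get() raises in that case propagates to the caller -- confirm
    # it ends up as the same client-facing failure as a wrong password.
    user = await self.request.app.objects.get(User, User.email == email)
    hasher = PBKDF2PasswordHasher()
    outcome = hasher.verify(password, encoded=user.password)
    # verify() may hand back a ``(verified, message)`` pair instead of a bare
    # bool. A non-empty tuple is always truthy, so testing the raw result with
    # ``not`` would accept every password; inspect the flag itself.
    verified = outcome[0] if isinstance(outcome, tuple) else outcome
    if not verified:
        logger.error(
            "Password didn't verify with encoded version (email: [%s])", email
        )
        raise AuthenticationFailedError
    return user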
def test_password_encode():
    """encode() yields four ``$``-separated fields and never echoes the raw password."""
    hasher = PBKDF2PasswordHasher()
    raw_password = uuid.uuid4().hex
    encoded = hasher.encode(raw_password, salt="test_salt")

    # Layout checked here: algorithm$iterations$salt$hash (iterations is not asserted).
    fields = encoded.split("$", 3)
    algorithm, _iterations, salt, digest = fields

    assert salt == "test_salt"
    assert algorithm == "pbkdf2_sha256"
    # The stored digest must differ from the plaintext that produced it.
    assert digest != raw_password
def test_password_verify__incompatible_format__fail():
    """verify() reports a format error for a value without ``$`` separators."""
    expected_error = (
        "Encoded password has incompatible format: not enough values to unpack (expected 4, got 1)"
    )
    hasher = PBKDF2PasswordHasher()
    candidate = uuid.uuid4().hex

    outcome = hasher.verify(candidate, "fake-encoded-password")
    verified, err_message = outcome

    # Failure is signalled through the returned flag and message.
    assert not verified
    assert err_message == expected_error
async def authenticate(self, email: str, password: str) -> User:
    """Fetch the active user for *email* and check *password* against its stored hash.

    Returns:
        The matching ``User``.

    Raises:
        AuthenticationFailedError: no active user was found for *email*, or the
            hasher rejected *password*. Both cases use
            ``ResponseStatus.INVALID_PARAMETERS``.
    """
    # NOTE(review): the two failures below carry different messages, so the
    # error text tells "no such active account" apart from "wrong password".
    # If that text reaches the client, consider one generic message for both.
    # The not-found path also returns before any hash is computed -- confirm
    # whether that timing difference matters for this endpoint.
    account = await User.async_get(
        db_session=self.db_session, email=email, is_active__is=True
    )
    if not account:
        logger.info("Not found active user with email [%s]", email)
        raise AuthenticationFailedError(
            "Not found active user with provided email.",
            response_status=ResponseStatus.INVALID_PARAMETERS,
        )

    # verify() returns a (flag, message) pair; only the flag decides the outcome.
    is_valid, reason = PBKDF2PasswordHasher().verify(password, encoded=account.password)
    if is_valid:
        return account

    logger.error("Password didn't verify: email: %s | err: %s", email, reason)
    raise AuthenticationFailedError(
        "Email or password is invalid.",
        response_status=ResponseStatus.INVALID_PARAMETERS,
    )
def verify_password(self, raw_password: str):
    """Check *raw_password* against this object's stored ``password`` value.

    The result of ``PBKDF2PasswordHasher.verify`` is passed through unchanged.
    """
    # NOTE(review): if verify() returns a ``(verified, message)`` pair, callers
    # must unpack it -- a non-empty tuple is truthy even when the check failed,
    # so ``if obj.verify_password(...)`` would always pass. Confirm the shape.
    return PBKDF2PasswordHasher().verify(raw_password, encoded=str(self.password))
def make_password(cls, raw_password: str):
    """Encode *raw_password* with ``PBKDF2PasswordHasher`` and return the result."""
    # cls is unused; presumably this is a classmethod whose decorator sits
    # outside this excerpt. No salt is passed, so salt selection is left to
    # the hasher's encode().
    return PBKDF2PasswordHasher().encode(raw_password)
def test_password_verify__algorithm_mismatch__fail():
    """verify() rejects an encoded value whose algorithm field is not pbkdf2_sha256."""
    hasher = PBKDF2PasswordHasher()
    candidate = uuid.uuid4().hex
    # Well-formed four-field value, but with an algorithm name the hasher does not use.
    foreign_encoded = "fake-algorithm$1000$salt$enc-password"

    outcome = hasher.verify(candidate, foreign_encoded)
    verified, err_message = outcome

    assert not verified
    assert err_message == "Algorithm mismatch!: fake-algorithm != pbkdf2_sha256"
def test_password_verify__ok():
    """A password encoded by the hasher verifies against its own encoding."""
    hasher = PBKDF2PasswordHasher()
    raw_password = uuid.uuid4().hex
    stored = hasher.encode(raw_password, salt="test_salt")

    outcome = hasher.verify(raw_password, stored)

    # Success is the pair (True, "") -- flag set, empty error message.
    assert outcome == (True, "")
def verify_password(self, raw_password: str) -> bool:
    """Return the verification flag for *raw_password* against the stored ``password``.

    The hasher's accompanying message is discarded.
    """
    outcome = PBKDF2PasswordHasher().verify(raw_password, encoded=str(self.password))
    # Unpack rather than truth-test: the pair itself is truthy even on failure.
    is_valid, _message = outcome
    return is_valid