def authenticate(self, username, password):
"""
Verifies that a password matches the stored password for that username.
If verification passes, the matching user instance is returned
"""
PraetorianError.require_condition(
self.user_class is not None,
"Praetorian must be initialized before this method is available",
)
user = self.user_class.lookup(username)
AuthenticationError.require_condition(
user is not None and self._verify_password(
password,
user.password,
),
'The username and/or password are incorrect',
)
"""
If we are set to PRAETORIAN_HASH_AUTOUPDATE then check our hash
and if needed, update the user. The developer is responsible
for using the returned user object and updating the data
storage endpoint.
Else, if we are set to PRAETORIAN_HASH_AUTOTEST then check out hash
and return exception if our hash is using the wrong scheme,
but don't modify the user.
"""
if self.hash_autoupdate:
self.verify_and_update(user=user, password=password)
elif self.hash_autotest:
self.verify_and_update(user=user)
return user
def authenticate(self, username, password):
"""
Verifies that a password matches the stored password for that username.
If verification passes, the matching user instance is returned
"""
PraetorianError.require_condition(
self.user_class is not None,
"Praetorian must be initialized before this method is available",
)
user = self.user_class.lookup(username)
MissingUserError.require_condition(
user is not None,
'Could not find the requested user',
)
AuthenticationError.require_condition(
self._verify_password(password, user.password),
'The password is incorrect',
)
return user
def verify_and_update(self, user=None, password=None):
"""
Validate a password hash contained in the user object is
hashed with the defined hash scheme (PRAETORIAN_HASH_SCHEME).
If not, raise an Exception of `LegacySchema`, unless the
`password` arguement is provided, in which case an attempt
to call `user.save()` will be made, updating the hashed
password to the currently desired hash scheme
(PRAETORIAN_HASH_SCHEME).
:param: user: The user object to tie claim to
(username, id, email, etc). *MUST*
include the hashed password field,
defined as `user.password`
:param: password: The user's provide password from login.
If present, this is used to validate
and then attempt to update with the
new PRAETORIAN_HASH_SCHEME scheme.
"""
if self.pwd_ctx.needs_update(user.password):
if password:
(rv, updated) = self.pwd_ctx.verify_and_update(
password,
user.password,
)
AuthenticationError.require_condition(
rv,
"Could not verify password",
)
user.password = updated
else:
used_hash = self.pwd_ctx.identify(user.password)
desired_hash = self.hash_scheme
raise LegacyScheme(
"Hash using non-current scheme '{}'."
"Use '{}' instead.".format(used_hash, desired_hash)
)
return user