def hash_password_checker(token, password):
split = token.split(":")
if len(split) != 3:
return False
algorithm = split[0]
salt = split[1]
return not strings_differ(hash_password(password, salt, algorithm), token)
def hash_password_checker(token, password):
split = token.split(':')
if len(split) != 3:
return False
algorithm = split[0]
salt = split[1]
return not strings_differ(hash_password(password, salt, algorithm), token)
async def validate(self, token):
user = await find_user(self.request, token)
user_pw = getattr(user, 'password', None)
if (not user_pw or ':' not in user_pw or 'token' not in token):
return
split = user.password.split(':')
if len(split) != 3:
return False
algorithm = split[0]
salt = split[1]
if not strings_differ(hash_password(token['token'], salt, algorithm),
user_pw):
return user