
Merge pull request #223 from ahtik/issue-verify_password

verify_password in 1.7.0 was no longer behaving like in 1.6.9
mattupstate committed Feb 20, 2014
2 parents 0268a2d + 1395df3 commit 1d3a75d77b81c6dfacc0835899d3d5d08fe8043a
Showing with 17 additions and 1 deletion.
  1. +4 −1 flask_security/utils.py
  2. +13 −0 tests/configured_tests.py
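--- a/flask_security/utils.py
+++ b/flask_security/utils.py
@@ -111,7 +111,10 @@ def verify_password(password, password_hash):
 :param password: A plaintext password to verify
 :param password_hash: The expected hash value of the password (usually form your database)
 """
- return _pwd_context.verify(encrypt_password(password), password_hash)
+ if _security.password_hash != 'plaintext':
+ password = get_hmac(password)
+
+ return _pwd_context.verify(password, password_hash)
 def verify_and_update_password(password, user):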
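Review bot: The HMAC step in `verify_password` is gated on the configured scheme (`_security.password_hash`) rather than on the scheme of the `password_hash` being checked, so the two can disagree. If `_pwd_context` accepts more than one scheme (its configuration is not visible here), a hash stored under a previously configured scheme would be verified against the wrong input and a valid login would be rejected after a scheme change. Consider keying the branch on the stored value, e.g. `if _pwd_context.identify(password_hash) != 'plaintext':`, or at least add a comment such as `# must mirror the derivation in encrypt_password` so the two code paths stay in step. The function's signature and the start of its docstring are above this hunk.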
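--- a/tests/configured_tests.py
+++ b/tests/configured_tests.py
@@ -20,6 +20,19 @@
 from tests import SecurityTest
+class PasswordVerifyEncryptTests(SecurityTest):
+
+ AUTH_CONFIG = {
+ 'SECURITY_PASSWORD_HASH': 'bcrypt',
+ 'SECURITY_PASSWORD_SALT': '89gf828uiguiu23ju2'
+ }
+
+ def test_verify_password_bcrypt(self):
+ from flask_security.utils import verify_password, encrypt_password
+ with self.app.app_context():
+ self.assertTrue(verify_password('custompassword', encrypt_password('custompassword')))
+
+
 class ConfiguredPasswordHashSecurityTests(SecurityTest):
 AUTH_CONFIG = {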
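Review bot: `test_verify_password_bcrypt` asserts only the accepting case, so it would still pass if `verify_password` returned True for any input. Add a rejecting assertion next to it, e.g. `self.assertFalse(verify_password('wrongpassword', encrypt_password('custompassword')))`. The `'plaintext'` branch that the fix special-cases in `flask_security/utils.py` has no test here either; a sibling class configured with `'SECURITY_PASSWORD_HASH': 'plaintext'` would cover it.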
