Calculate pw hash consistently with auth logic (#622)

someengineering · Sep 13, 2024 · 5c1fb6e · 5c1fb6e
1 parent fa64056
commit 5c1fb6e
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/fixbackend/auth/user_manager.py b/fixbackend/auth/user_manager.py
@@ -310,10 +310,9 @@ async def update(
             if not user_update.current_password:
                 raise exceptions.InvalidPasswordException(reason="Current password is required to update password.")
 
-            db_pwd_hash = user.hashed_password
-            user_pwd_hash = self.password_helper.hash(user_update.current_password)
+            verified, _ = self.password_helper.verify_and_update(user_update.current_password, user.hashed_password)
 
-            if not secrets.compare_digest(db_pwd_hash, user_pwd_hash):
+            if not verified:
                 raise exceptions.InvalidPasswordException(reason="Current password is incorrect.")
 
         return await super().update(user_update, user, safe)

diff --git a/tests/fixbackend/auth/router_test.py b/tests/fixbackend/auth/router_test.py
@@ -40,6 +40,7 @@
 from fixbackend.workspaces.models import WorkspaceInvitation
 from fixbackend.workspaces.repository import WorkspaceRepository
 from tests.fixbackend.conftest import InMemoryDomainEventPublisher, InsecureFastPasswordHelper
+from fastapi_users.password import PasswordHelper
 
 
 class InMemoryVerifier(AuthEmailSender):
@@ -156,11 +157,12 @@ async def test_registration_flow(
     workspace_repository: WorkspaceRepository,
     user_repository: UserRepository,
     cert_store: CertificateStore,
-    password_helper: InsecureFastPasswordHelper,
     user_manager: UserManager,
     jwt_strategy: FixJWTStrategy,
     fix_deps: FixDependencies,
 ) -> None:
+
+    user_manager.password_helper = PasswordHelper()
     verifier = fix_deps.service(ServiceNames.auth_email_sender, InMemoryVerifier)
     role_repo = fix_deps.add(ServiceNames.role_repository, InMemoryRoleRepository())
     registration_json = {