I am stuck on flask-httpauth's verify_password.
I have a username and password script that hashes the password and puts it into a simple file. (Yes, not the most secure, but LDAP/LOGIN doesn't work correctly with Flask (Sandman.io) using my level of knowledge. I would like to put it into the database that sandman is reading to make it easier, but everything I try with this app dies in a fire.)
In my wrapper I have a portion that makes it into a dictionary with:

    users = {}
    fileloc = '/usr/lib/sandman/user.list'
    with open(fileloc) as i:
        for line in i:
            (key, val) = line.split()
            users[key] = val

This gives me the dictionary for the authentication. This would work if the dictionary didn't have hashed passwords, so I am left with the problem of getting it to work at this level.
What I have below doesn't work, but I was using the example as a test case, and I am able to log in with pretty much any username and password (awesome, right?...)

    @auth.verify_password
    def verify_password(username, password):
        users = User.query.filter_by(username).first()
        if not users:
            return False
        return passlib.hash.sha256_crypt.verify(password, users.password_hash)

Any help on this would be greatly appreciated. Thanks.
You will need to mark the pages where a user needs to be logged in with
to be able to see whether or not the login is successful (you'll get an access denied error if it wasn't). I can't think of any other reason why you would have too many username+password combinations succeed, rather than too few.