Centralize password check as method of 'User' objects

Author: DasSkelett

KerbalStuff/blueprints/accounts.py

@@ -138,7 +138,7 @@ def login() -> Union[str, werkzeug.wrappers.Response]:
             return render_template("login.html", username=username, errors='Your username or password is incorrect.')
         if user.confirmation != '' and user.confirmation is not None:
             return redirect("/account-pending")
-        if not bcrypt.hashpw(password.encode('utf-8'), user.password.encode('utf-8')) == user.password.encode('utf-8'):
+        if not user.check_password(password):
             return render_template("login.html", username=username, errors='Your username or password is incorrect.')
         login_user(user, remember=remember)
         if 'return_to' in request.form and request.form['return_to']:

KerbalStuff/blueprints/api.py

@@ -363,8 +363,7 @@ def login() -> Union[Dict[str, Any], Tuple[Dict[str, Any], int]]:
     user = User.query.filter(User.username.ilike(username)).first()
     if not user:
         return {'error': True, 'reason': 'Username or password is incorrect'}, 401
-    if not bcrypt.hashpw(password.encode('utf-8'),
-                         user.password.encode('utf-8')) == user.password.encode('utf-8'):
+    if not user.check_password(password):
         return {'error': True, 'reason': 'Username or password is incorrect'}, 401
     if user.confirmation and user.confirmation is not None:
         return {'error': True, 'reason': 'User is not confirmed'}, 403
@@ -439,7 +438,7 @@ def change_password(username: str) -> Union[Dict[str, Any], Tuple[Union[str, Any
     new_password = request.form.get('new-password', '')
     new_password_confirm = request.form.get('new-password-confirm', '')
 
-    if not bcrypt.hashpw(old_password.encode('utf-8'), current_user.password.encode('utf-8')) == current_user.password.encode('utf-8'):
+    if not current_user.check_password(old_password):
         return {'error': True, 'reason': 'The old password you entered doesn\'t match your current account password.'}
 
     pw_valid, pw_message = check_password_criteria(new_password, new_password_confirm)

KerbalStuff/objects.py

@@ -67,6 +67,9 @@ class User(Base):  # type: ignore
     def set_password(self, password: str) -> None:
         self.password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
 
+    def check_password(self, password: str) -> bool:
+        return bcrypt.checkpw(password.encode('utf-8'), self.password.encode('utf-8'))
+
     def create_confirmation(self) -> None:
         self.confirmation = binascii.b2a_hex(os.urandom(20)).decode('utf-8')
 

requirements-backend.txt

@@ -1,5 +1,5 @@
 alembic
-bcrypt
+bcrypt>=3.1.0
 bleach
 bleach-allowlist
 celery