Add check for username in auth service

Andrey Chervyakov 2021-02-25 14:56:27 +06:00
parent 5117c661fa
commit 84d262b838


@ -5,6 +5,7 @@ from typing import Optional
from jose import jwt from jose import jwt
from jose.constants import ALGORITHMS from jose.constants import ALGORITHMS
from sqlalchemy.orm import Session from sqlalchemy.orm import Session
import secrets
from app.auth.dto import Credentials from app.auth.dto import Credentials
from app.config import config from app.config import config
@ -16,11 +17,15 @@ JWT_ISSUER = "Energia"
def authenticate(credentials: Credentials, db: Session) -> Optional[str]: def authenticate(credentials: Credentials, db: Session) -> Optional[str]:
user = get_user_by_username(db, credentials.username) user = get_user_by_username(db, credentials.username)
if passwords_match(user.password, credentials.password):
if not secrets.compare_digest(user.username, credentials.username):
return None
if not passwords_match(user.password, credentials.password):
return None
else:
token = issue_token(user.id) token = issue_token(user.id)
return token return token
else:
return None
def issue_token(user_id: int) -> str: def issue_token(user_id: int) -> str:
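Review bot: The new `secrets.compare_digest(user.username, credentials.username)` call in `authenticate` dereferences `user` without checking that `get_user_by_username` found a row, and it passes `str` arguments, which `compare_digest` accepts only when they are ASCII. If the lookup returns `None` for an unknown username (its body is not visible here), the attribute access raises instead of returning `None`, so unknown accounts and wrong passwords produce different responses; a non-ASCII username raises `TypeError` in the same way. I would add `if user is None: return None` before the comparison and compare bytes, `secrets.compare_digest(user.username.encode(), credentials.username.encode())`. A short comment saying why the username is compared again after the lookup (presumably the database match is case-insensitive) would also help the next reader.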