bump: version 0.8.1 → 0.8.2

fix: add check_user_password() method for auth handler
2024-07-18 11:11:43 -05:00 · 2024-07-18 10:27:31 -05:00
4 changed files with 39 additions and 11 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,12 @@ All notable changes to WuttJamaican will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

+## v0.8.2 (2024-07-18)
+
+### Fix
+
+- add `check_user_password()` method for auth handler
+
 ## v0.8.1 (2024-07-17)

 ### Fix
--- a/pyproject.toml
+++ b/pyproject.toml
@ -6,7 +6,7 @@ build-backend = "hatchling.build"

 [project]
 name = "WuttJamaican"
-version = "0.8.1"
+version = "0.8.2"
 description = "Base package for Wutta Framework"
 readme = "README.md"
 authors = [{name = "Lance Edgar", email = "lance@edbob.org"}]
--- a/src/wuttjamaican/auth.py
+++ b/src/wuttjamaican/auth.py
@ -84,19 +84,30 @@ class AuthHandler(GenericHandler):
        :returns: :class:`~wuttjamaican.db.model.auth.User` instance,
           or ``None``.
        """
-        model = self.app.model
-
-        if isinstance(username, model.User):
-            user = username
-        else:
-            user = session.query(model.User)\
-                          .filter_by(username=username)\
-                          .first()
-
+        user = self.get_user(username, session=session)
        if user and user.active and user.password:
-            if password_context.verify(password, user.password):
+            if self.check_user_password(user, password):
                return user

+    def check_user_password(self, user, password, **kwargs):
+        """
+        Check a user's password.
+
+        This will hash the given password and compare it to the hashed
+        password we have on file for the given user account.
+
+        This is normally part of the login process, so the
+        ``password`` param refers to the password entered by a user;
+        this method will determine if it was correct.
+
+        :param user: :class:`~wuttjamaican.db.model.auth.User` instance.
+
+        :param password: User-entered password in plain text.
+
+        :returns: ``True`` if password matches; else ``False``.
+        """
+        return password_context.verify(password, user.password)
+
    def get_role(self, session, key, **kwargs):
        """
        Locate and return a :class:`~wuttjamaican.db.model.auth.Role`
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@ -60,6 +60,17 @@ else:
            user = self.handler.authenticate_user(self.session, 'barney', 'goodpass')
            self.assertIsNone(user)

+        def test_check_user_password(self):
+            model = self.app.model
+            barney = model.User(username='barney')
+            self.handler.set_user_password(barney, 'goodpass')
+            self.session.add(barney)
+            self.session.commit()
+
+            # basics
+            self.assertTrue(self.handler.check_user_password(barney, 'goodpass'))
+            self.assertFalse(self.handler.check_user_password(barney, 'BADPASS'))
+
        def test_get_role(self):
            model = self.app.model
            myrole = model.Role(name="My Role")
Author	SHA1	Message	Date
Lance Edgar	27b859c1c7	bump: version 0.8.1 → 0.8.2	2024-07-18 11:11:43 -05:00
Lance Edgar	c424a6cd8a	fix: add `check_user_password()` method for auth handler	2024-07-18 10:27:31 -05:00