
I am stuck on flask-httpauth's verify_password.

I have a username and password script that hashes the password and puts it into a simple file. (Yes, not the most secure, but LDAP/LOGIN doesn't work correctly with Flask (Sandman.io) using my level of knowledge. I would like to put it into the database that sandman is reading to make it easier, but everything I try with this app dies in a fire.)

In my wrapper I have a portion that makes it into a dictionary with:

```python
users = {}
fileloc = '/usr/lib/sandman/user.list'
with open(fileloc) as i:
    for line in i:
        (key, val) = line.split()
        users[key] = val
```

This gives me the dictionary for the authentication. This would work if the dictionary didn't have hashed passwords, so I am left with the problem of getting it to work at this level.

What I have below doesn't work, but I was using the example as a test case and I am able to log in with pretty much any username and password (awesome, right?...)

```python
@auth.verify_password
def verify_password(username, password):
    users = User.query.filter_by(username).first()
    if not users:
        return False
    return passlib.hash.sha256_crypt.verify(password, users.password_hash)
```

Any help on this would be greatly appreciated. Thanks.

Nvasion

1 Answer


You will need to mark the pages where a user needs to be logged in with

```python
@auth.login_required
```

to be able to see whether or not the login is successful (you'll get an access denied error if it wasn't). I can't think of any other reason why you would have too many username+password combinations succeed, rather than too few.

Patrick Collins
  • `@app.before_request @auth.login_required def before_request(): pass` I have that already set below this. – Nvasion Jul 30 '14 at 21:13
  • I'm not sure if `before_request` will work with `login_required`. [This question](http://stackoverflow.com/questions/13428708/best-way-to-make-flask-logins-login-required-the-default) suggests no. Try moving `login_required` somewhere else. – Patrick Collins Jul 30 '14 at 21:17
  • It does because if I just make a dictionary with user accounts with plaintext passwords I am able to log in with them. – Nvasion Jul 31 '14 at 15:23
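
The check a `verify_password` callback has to make when the dictionary built from `user.list` holds hashes rather than plaintext, added here as an example and not code from the question or the answer. It uses standard-library PBKDF2 in place of passlib's `sha256_crypt` so it runs without extra packages; `hash_password`, `load_users`, `check_password` and the `salt$hash` record format are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password, salt=None):
    """Return 'salt_hex$hash_hex', the value stored next to the username."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def load_users(lines):
    """Parse 'username hash' lines into a dict, skipping malformed lines."""
    users = {}
    for line in lines:
        parts = line.split()
        if len(parts) == 2:
            users[parts[0]] = parts[1]
    return users


def check_password(users, username, password):
    """Body for an @auth.verify_password callback: True only on a hash match."""
    stored = users.get(username)
    if stored is None:
        return False  # unknown user
    try:
        salt_hex, hash_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: fail closed
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # Compare digests, never the submitted password against the stored string.
    return hmac.compare_digest(actual, expected)


# Constructed sample standing in for the contents of user.list
SAMPLE_LINES = [
    "alice " + hash_password("correct horse"),
    "bob " + hash_password("hunter2"),
    "broken-line-without-hash",
]
USERS = load_users(SAMPLE_LINES)
```

The callback must return `False` on every path that is not a confirmed match; a callback that returns a truthy value for unknown users or unparsable records lets any credentials through.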