ensure authentication isn't possible without password

2025-07-03 12:47:46 +00:00 · 2017-11-06 23:36:11 +01:00
parent 5a1a4b0161
commit d65efe477a
2 changed files with 7 additions and 5 deletions
--- a/app/models.py
+++ b/app/models.py
@ -133,7 +133,9 @@ class User(db.Model):

    def check_password(self, hashed_password):
        # Check hased password. Useing bcrypt, the salt is saved into the hash itself
-        return bcrypt.checkpw(self.plain_text_password.encode('utf-8'), hashed_password.encode('utf-8'))
+        if (self.plain_text_password):
+            return bcrypt.checkpw(self.plain_text_password.encode('utf-8'), hashed_password.encode('utf-8'))
+        return False

    def get_user_info_by_id(self):
        user_info = User.query.get(int(self.id))