validate password in the background
axiomofjoy committed Aug 20, 2024
1 parent 144cb90 commit 59737da
Showing 1 changed file with 8 additions and 3 deletions.
11 changes: 8 additions & 3 deletions src/phoenix/server/api/routers/auth.py
@@ -1,3 +1,4 @@
import asyncio
from datetime import timedelta

from fastapi import APIRouter, Form, Request, Response
Expand All @@ -23,10 +24,14 @@ async def login(
async with request.app.state.db() as session:
if (
user := await session.scalar(select(models.User).where(models.User.email == email))
) is None:
) is None or (password_hash := user.password_hash) is None:
return Response(status_code=HTTP_401_UNAUTHORIZED)
if (password_hash := user.password_hash) is None or not is_valid_password(
password=password, salt=request.app.state.get_secret(), password_hash=password_hash
loop = asyncio.get_running_loop()
if not await loop.run_in_executor(
executor=None,
func=lambda: is_valid_password(
password=password, salt=request.app.state.get_secret(), password_hash=password_hash
),
):
return Response(status_code=HTTP_401_UNAUTHORIZED)
response = Response(status_code=HTTP_204_NO_CONTENT)
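Review bot: The early `return Response(status_code=HTTP_401_UNAUTHORIZED)` taken when the email is unknown or the user has no `password_hash` skips the `is_valid_password` call entirely, so those requests finish sooner than a wrong password for an existing account, and the response time can reveal which emails are registered. Since the hash is presumably expensive (it is being moved off the event loop), consider always running it: when no user or hash is found, verify against a fixed dummy hash (a new module-level constant, not present in this file) and return 401 only after the executor call, e.g. `if user is None or stored_hash is None or not valid: return Response(status_code=HTTP_401_UNAUTHORIZED)`. Separately, `executor=None` puts the work on the loop's shared default thread pool, so a burst of unauthenticated login attempts can occupy its workers; a dedicated bounded executor or rate limiting on this route would contain that, and whether rate limiting exists elsewhere is not visible here. `login` starts and continues outside this hunk.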