From 03c8f29569161b032970c2c7286cd00c068a7d46 Mon Sep 17 00:00:00 2001
From: Leticia Portella
Date: Wed, 9 Jan 2019 12:21:24 +0000
Subject: [PATCH] Add password check on authenticator
---
 nativeauthenticator/nativeauthenticator.py | 4 +++-
 nativeauthenticator/orm.py | 5 +++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/nativeauthenticator/nativeauthenticator.py b/nativeauthenticator/nativeauthenticator.py
index 87c321a..274d121 100644
--- a/nativeauthenticator/nativeauthenticator.py
+++ b/nativeauthenticator/nativeauthenticator.py
@@ -20,7 +20,9 @@ def __init__(self, *args, **kwargs):
 @gen.coroutine
 def authenticate(self, handler, data):
- return data['username']
+ user = UserInfo.find(self.db, data['username'])
+ if user.is_valid_password(data['password']):
+ return data['username']
 def get_or_create_user(self, username, password):
 user = User.find(self.db, username)
diff --git a/nativeauthenticator/orm.py b/nativeauthenticator/orm.py
index d6f7c17..150ccce 100644
--- a/nativeauthenticator/orm.py
+++ b/nativeauthenticator/orm.py
@@ -1,3 +1,4 @@
+import bcrypt
 from sqlalchemy import (
 Column, Integer, String
 )
@@ -18,3 +19,7 @@ def find(cls, db, username):
 Returns None if not found.
 """
 return db.query(cls).filter(cls.username == username).first()
+
+ def is_valid_password(self, password):
+ encoded_pw = bcrypt.hashpw(password.encode(), self.password)
+ return encoded_pw == self.password
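Review bot: In `authenticate`, an unknown username makes `user` None, because the `find` docstring in orm.py says it returns None when nothing matches, so `user.is_valid_password(...)` raises AttributeError instead of rejecting the login. Besides the unhandled error, the different outcome for "no such user" and "wrong password" probably lets a client tell which usernames exist. Guard the lookup with `if user is not None and user.is_valid_password(data['password']):` so both cases fall through to the same implicit `return None`. The neighbouring `get_or_create_user` calls `User.find` while this code calls `UserInfo.find`; the imports and the rest of the class are outside the hunk, so it is worth confirming both names resolve to the intended model.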
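Review bot: `is_valid_password` compares the recomputed hash with `encoded_pw == self.password`, which is not a constant-time comparison. The bcrypt package already provides a verifier for this, so the body can be reduced to `return bcrypt.checkpw(password.encode(), self.password)`. The column definition is outside the hunk, but the file imports `String`; if `password` is stored as a text column, `self.password` comes back as `str`, and bcrypt expects bytes for the stored hash, so the type may need to be binary or encoded before the call. A short docstring stating that `password` is the plaintext candidate and that the method returns a bool would also help callers.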