Checks whether the given credentials are valid. Args: username: (str) password: (str) Returns: True, if username and password match.
(username, password)
def can_authenticate(username, password):
    """Reports whether the supplied username/password pair is accepted.

    The stored hash for the user is fetched from the users table and the
    candidate password is checked against it with password_check.verify.
    Every outcome is logged through logger.info_sensitive; only the username
    is ever passed to the logger, never the password or the hash.

    Args:
        username: (str) Account name to look up.
        password: (str) Candidate password to check against the stored hash.

    Returns:
        True if a stored hash exists for the username and the password
        verifies against it, False otherwise.
    """
    logger.info_sensitive('Checking authentication for user %s', username)
    stored_hash = db.users.Users().get_password_hash(username)

    if stored_hash:
        if password_check.verify(password, stored_hash):
            return True
        # The username is sensitive, so this goes through the sensitive log
        # channel, which can be scrubbed later; that is why the semgrep
        # finding is suppressed on the call below.
        logger.info_sensitive(  # nosemgrep: python-logger-credential-disclosure
            'Cannot authenticate, password not correct for user %s', username)
        return False

    # NOTE(review): this path returns without calling password_check.verify,
    # so an unknown user may be answered faster than a wrong password.
    # Confirm whether callers rate-limit or otherwise equalize response time.
    logger.info_sensitive('Cannot authenticate, no such user %s', username)
    return False
| 239 | def is_authentication_required(): |
nothing calls this directly
no test coverage detected