refactor: attempt at using types to achieve eq REFS #51

devraj · devraj · commit 646fd069f89a · 2023-04-25T13:04:26.000+10:00
the commit remvoes the event that encrypted the password and uses a custom sqlalchemy
type to achieve the same result, in theory we should be able to use
on the TypeDecorator to compare values and thus achieve what we set out to

the experiments performed so far don't seem to be able to use compare_values as intended
diff --git a/src/labs/models/user.py b/src/labs/models/user.py
@@ -17,10 +17,11 @@
 
 from ..db import Base
 from .utils import DateTimeMixin, IdentifierMixin,\
-    ModelCRUDMixin
+    ModelCRUDMixin, PasswordType
     
 from ..utils.auth import hash_password, verify_password
 
+
 class User(
     Base,
     IdentifierMixin,
@@ -49,7 +50,9 @@ class User(
         ensure that the password is never stored in plain text.
 
     """
-    password: Mapped[str]
+    password: Mapped[str] = mapped_column(
+        PasswordType
+    )
     otp_secret: Mapped[str]
 
     first_name: Mapped[Optional[str]]
@@ -137,20 +140,3 @@ def receive_init(target, args, kwargs):
     """
     target.otp_secret = random_base32()
 
-def encrypt_password(target, value, oldvalue, initiator):
-    """ Encrypt the password when it is set
-
-    This enables the application logic to simply set the plain
-    text password and the model encrypts it on the way in.
-
-    The idea is to abstract this from the duties of the application.
-    """
-    return hash_password(value)
-
-# Support for the above method to run when the password is set
-event.listen(
-    User.password, 
-    'set', 
-    encrypt_password, 
-    retval=True
-)
diff --git a/src/labs/models/utils.py b/src/labs/models/utils.py
@@ -255,3 +255,21 @@ async def get_all(
         users = await async_db_session.execute(query)
         users = users.scalars().all()
         return users
+
+
+
+from sqlalchemy import types
+from ..utils.auth import hash_password, verify_password
+
+class PasswordType(types.TypeDecorator):
+    
+    impl = types.String
+    cache_ok = True
+
+    def process_bind_param(self, value, dialect):
+        """ Called when the value is being written to the database
+
+        At that point we are literally converting the string to a hashed
+        password and then we should be able to compare this 
+        """
+        return hash_password(value)
diff --git a/src/labs/routers/auth/__init__.py b/src/labs/routers/auth/__init__.py
@@ -44,6 +44,7 @@ async def login_for_auth_token(
     form_data.username
   )
 
+  # if user is None or not user.password == form_data.password:
   if user is None or not user.check_password(form_data.password):
     raise HTTPException(
       status_code=status.HTTP_401_UNAUTHORIZED,

Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,7 @@ async def login_for_auth_token(`
`44`	`44`	`form_data.username`
`45`	`45`	`)`
`46`	`46`
	`47`	`+ # if user is None or not user.password == form_data.password:`
`47`	`48`	`if user is None or not user.check_password(form_data.password):`
`48`	`49`	`raise HTTPException(`
`49`	`50`	`status_code=status.HTTP_401_UNAUTHORIZED,`