Click here to Skip to main content
15,117,095 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
I need help with a question

Q: The admin web api must be able to confirm admin’s credentials using email and password.

I would say I have really basic knowledge of the GET, POST, DELETE request. But I am unsure of using these to do verification.

What I have tried:

I have come up with the below codes but am still not sure what I need to correct to get it work. Any explanation or advice is very appreciated..

In User.py, I have:
Python
from model.DatabasePool import DatabasePool

class User:

    @classmethod
    def verifyUser(cls,email,password):
        try: 
            dbConn=DatabasePool.getConnection()
            cursor = dbConn.cursor(dictionary=True)

            sql="select * from user where email=%s and password=%s"
            cursor.execute(sql,(email,password))
            user=cursor.fetchall()

            return user
        
        finally:
            dbConn.close()




and in my app.py, I have:
Python
<pre>from flask import Flask,jsonify,request
from model.User import User
from model.Menu import Menu
from model.Category import Category

app = Flask(__name__)

@app.route('/user',methods=["GET"])
def verifyUser():
    try:
        userJSON=request.json 
        user=User.verifyUser(userJSON['email'],userJSON['password'])

        message={"Message":"Success"}
        return jsonify(message),200
    except Exception as err:
        print(err)
        return {},500

  
if __name__ == '__main__': 
    app.run(debug=True) 
Posted
Comments
Richard Deeming 2-Jul-21 11:16am
   
Definitely not like that!

You are storing passwords in your database in plain text. That is a major security risk, and will lead to massive fines when your database is breached.

Store a salted hash of the password instead, using a unique salt per record, and multiple iterations of a cryptographically-secure hash algorithm.

Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900