Checking username and password while doing login

Matheus Galvao · Matheus Galvao · commit abc361368d46 · 2025-01-23T15:31:44.000+01:00
diff --git a/app/models/user.py b/app/models/user.py
@@ -1,7 +1,12 @@
+from werkzeug.security import generate_password_hash, check_password_hash
+
 class User:
     def __init__(self, username, password):
         self.username = username
-        self.password = password
+        self.password_hash = generate_password_hash(password)
+
+    def check_password(self, password):
+        return check_password_hash(self.password_hash, password)
 
     def __repr__(self):
         return f"User(username={self.username})"
diff --git a/app/services/auth_service.py b/app/services/auth_service.py
@@ -70,6 +70,11 @@ def login_user(data):
     if not data or "username" not in data or "password" not in data:
         return jsonify({"error": "Username and password are required"}), 400
     
+    # Find user and validate credentials
+    user = next((user for user in users if user.username == data["username"]), None)
+    if not user or not user.check_password(data["password"]):
+        return jsonify({"error": "Invalid username or password"}), 401
+    
     if auth_config.auth_method == AuthMethod.JWT:
         access_token, refresh_token = generate_jwt_token(data["username"])
         return jsonify({
