fix invalid auth response

2025-08-01 09:42:53 +03:00 · 2025-08-01 09:42:53 +03:00 · 3723280e3d
commit 3723280e3d
parent cf9aad9aee
1 changed files with 2 additions and 1 deletions
--- a/server.py
+++ b/server.py
@ -69,7 +69,8 @@ def protected(wrapped):
 )
@validate(json=LoginRequest)
 async def login(_, body: LoginRequest):
-    if not pbkdf2_sha256(10000, salt=b'salt').verify(body.password, api_auth.get(body.username)):
+    hash = api_auth.get(body.username)
+    if not hash or not pbkdf2_sha256(10000, salt=b'salt').verify(body.password, hash):
        return jsonr({'status': 'error', 'message': 'Invalid username or password'})
    return jsonr({
        'token': jwt.encode({}, api_secret, algorithm='HS256'),