From 3723280e3d76123656e552fdb74949ece55e6f73 Mon Sep 17 00:00:00 2001 From: bakatrouble Date: Fri, 1 Aug 2025 09:42:53 +0300 Subject: [PATCH] fix invalid auth response --- server.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/server.py b/server.py index 63b1741..ed824d9 100644 --- a/server.py +++ b/server.py @@ -69,7 +69,8 @@ def protected(wrapped): ) @validate(json=LoginRequest) async def login(_, body: LoginRequest): - if not pbkdf2_sha256(10000, salt=b'salt').verify(body.password, api_auth.get(body.username)): + hash = api_auth.get(body.username) + if not hash or not pbkdf2_sha256(10000, salt=b'salt').verify(body.password, hash): return jsonr({'status': 'error', 'message': 'Invalid username or password'}) return jsonr({ 'token': jwt.encode({}, api_secret, algorithm='HS256'),