base for hashed passwords

kscalelabs · Aug 3, 2024 · eb1dfb5 · eb1dfb5
1 parent 9af376e
commit eb1dfb5
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 5 deletions.
diff --git a/store/app/crud/users.py b/store/app/crud/users.py
@@ -37,8 +37,8 @@ async def get_user(self, id: str, throw_if_missing: bool = False) -> User | None
     async def get_user(self, id: str, throw_if_missing: bool = False) -> User | None:
         return await self._get_item(id, User, throw_if_missing=throw_if_missing)
 
-    async def _create_user_from_email(self, email: str) -> User:
-        user = User.create(email=email)
+    async def _create_user_from_email(self, email: str, password: str) -> User:
+        user = User.create(email=email, password=password)
         await self._add_item(user, unique_fields=["email"])
         return user
 

diff --git a/store/app/model.py b/store/app/model.py
@@ -12,6 +12,7 @@
 from pydantic import BaseModel
 
 from store.settings import settings
+from store.store.app.utils.security import hash_password
 from store.utils import new_uuid
 
 
@@ -32,17 +33,36 @@ class RobolistBaseModel(BaseModel):
 class User(RobolistBaseModel):
     """Defines the user model for the API.
 
-    Users are defined by their email, username and password hash. This is the
+    Users are defined by their email and hashed_password. This is the
     simplest form of authentication, and is used for users who sign up with
     their email and password.
     """
 
     email: str
+    hashed_password: str
     permissions: set[UserPermission] | None = None
+    created_at: int
+    updated_at: int
+    email_verified_at: int | None = None
 
     @classmethod
-    def create(cls, email: str) -> Self:
-        return cls(id=new_uuid(), email=email, permissions=None)
+    def create(cls, email: str, password: str) -> Self:
+        now = int(time.time())
+        return cls(
+            id=new_uuid(),
+            email=email,
+            permissions=None,
+            created_at=now,
+            updated_at=now,
+            hashed_password=hash_password(password)  # Call a function to hash the password
+        )
+
+    def update_timestamp(self) -> None:
+        self.updated_at = int(time.time())
+
+    def verify_email(self) -> None:
+        self.email_verified_at = int(time.time())
+
 
 
 class OAuthKey(RobolistBaseModel):

diff --git a/store/app/utils/security.py b/store/app/utils/security.py
@@ -0,0 +1,8 @@
+import bcrypt
+
+def hash_password(password: str) -> str:
+    salt = bcrypt.gensalt()
+    return bcrypt.hashpw(password.encode('utf-8'), salt).decode('utf-8')
+
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    return bcrypt.checkpw(plain_password.encode('utf-8'), hashed_password.encode('utf-8'))