
Last active Aug 29, 2015
from hashlib import sha512
from uuid import uuid4
from redis import StrictRedis
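# Public API of this module. The closing parenthesis was missing from the
# listing, which made the whole file a syntax error.
__all__ = (
    'hash_password', 'create_user', 'login_is_valid',
)

# Module-level Redis client, created at import time. No host, port or
# credentials are passed, so redis-py's default connection settings apply.
conn = StrictRedis()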
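def hash_password(password, salt=None):
    """Return ``"<salt>$<hexdigest>"`` for `password`.

    The digest is SHA-512 over the salt followed by the password, both as
    UTF-8 bytes. Text and bytes are accepted for either argument.

    Args:
        password: The raw password.
        salt: The salt of an existing record. Leave it as None to create a
            new record with a fresh random salt. To verify a password, the
            stored salt must be passed, or the result will never match.

    Returns:
        The salt and the hex digest joined by ``$``, as text.
    """
    # NOTE(review): a single pass of SHA-512 is cheap to compute, so a leaked
    # store can be guessed against offline at high speed. Password storage
    # should use a deliberately slow KDF (hashlib.scrypt or
    # hashlib.pbkdf2_hmac), ideally behind a versioned record format so old
    # records can be migrated. The scheme is kept here so that existing
    # records still verify.
    if salt is None:
        salt = uuid4().hex
    elif isinstance(salt, bytes):
        # Salts read back from storage may arrive as bytes; keep the returned
        # record as text either way.
        salt = salt.decode("utf-8")

    # sha512() only accepts bytes, so encode text before hashing.
    if not isinstance(password, bytes):
        password = password.encode("utf-8")

    digest = sha512(salt.encode("utf-8") + password).hexdigest()
    return "{0}${1}".format(salt, digest)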
def create_user(email, password):
    """Store a freshly salted hash of `password` under the key `email`.

    The record is written with SETEX and a 120-second expiry.
    """
    # NOTE(review): the write is unconditional, so a second call for an
    # address that already has a record replaces its stored hash. Confirm
    # that callers check for an existing account before calling this.
    ttl_seconds = 120
    stored_value = hash_password(password)
    conn.setex(email, ttl_seconds, stored_value)
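def login_is_valid(email, password):
    """Check a login attempt against the record stored for `email`.

    The salt is read from the stored ``"<salt>$<hexdigest>"`` record, the
    supplied password is hashed with it, and the result is compared with the
    stored record.

    Args:
        email: Key the record was stored under.
        password: The raw password supplied by the user.

    Returns:
        True if the password matches the stored record, otherwise False
        (including when no record exists for `email`).
    """
    # Function-scope import: the file's import block does not provide hmac.
    import hmac

    stored = conn.get(email)
    if stored is None:
        # NOTE(review): this path returns without hashing anything, so an
        # unknown address answers faster than a wrong password.
        return False

    # The client may return bytes; the salt is handled as text.
    if isinstance(stored, str):
        stored_text = stored
    else:
        try:
            stored_text = stored.decode("utf-8")
        except UnicodeDecodeError:
            # Not a record hash_password() could have written.
            return False

    salt = stored_text.partition('$')[0]
    candidate = hash_password(password, salt)

    # Compare as bytes in constant time. A plain == stops at the first
    # differing character, which leaks how much of the digest matched.
    if not isinstance(candidate, bytes):
        candidate = candidate.encode("utf-8")
    if not isinstance(stored, bytes):
        stored = stored.encode("utf-8")
    return hmac.compare_digest(candidate, stored)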
if __name__ == "__main__":
    # Smoke test. It talks to the Redis instance behind the module-level
    # `conn`, and the record it writes expires on its own.
    # NOTE(review): the address is an empty string as shown here, so the
    # record is stored under the empty key.
    email = ""
    password = "sntaoehusn"

    # With no record stored yet, the login must be rejected.
    assert not login_is_valid(email, password)

    # Once the user exists, the same credentials must be accepted.
    create_user(email, password)
    assert login_is_valid(email, password)

    # A wrong password must be rejected.
    assert not login_is_valid(email, password + "foo")