E-commerce-FastAPI icon indicating copy to clipboard operation
E-commerce-FastAPI copied to clipboard
verified publisher icon onionj

Authentication not validating password at all.

Open Fa2y opened this issue 3 years ago • 1 comments

https://github.com/onionj/E-commerce-FastAPI/blob/a37d591ef2e25310a364403513aac9a1b5582ab1/authentication.py#L66

authentication.py:70: RuntimeWarning: coroutine 'verify_password' was never awaited
  if user and verify_password(password, user.password):
RuntimeWarning: Enable tracemalloc to get the object allocation traceback
INFO:     127.0.0.1:46472 - "POST /token HTTP/1.1" 200 OK

verify_password is an async function and should be awaited, not awaiting it will result in returning a coroutine object that render the condition pointless as it will give valid token for any true username provided.

Fa2y avatar Jan 25 '23 11:01 Fa2y

Oh, thank you, can you fix it and make a pull request?

onionj avatar Jan 28 '23 06:01 onionj