From 33cd199e6dffddd4ee8974af41ebb894871d74c1 Mon Sep 17 00:00:00 2001 From: Timothy Jaeryang Baek Date: Mon, 29 Jun 2026 03:16:59 -0500 Subject: [PATCH] refac --- backend/open_webui/models/auths.py | 6 +++--- backend/open_webui/utils/auth.py | 21 ++++++++++----------- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/backend/open_webui/models/auths.py b/backend/open_webui/models/auths.py index 00985c97b8..6538c1dbf9 100644 --- a/backend/open_webui/models/auths.py +++ b/backend/open_webui/models/auths.py @@ -148,15 +148,15 @@ class AuthsTable: log.info('authenticate_user: %s', email) resolved = await Users.get_user_by_email(email, db=db) if not resolved: - verify_password(PLACEHOLDER_HASH) + await verify_password(PLACEHOLDER_HASH) return # load the credential row and verify the password hash async with get_async_db_context(db) as session: credential = await session.get(Auth, resolved.id) if not credential or not credential.active: - verify_password(PLACEHOLDER_HASH) + await verify_password(PLACEHOLDER_HASH) return - if not verify_password(credential.password): + if not await verify_password(credential.password): return return resolved diff --git a/backend/open_webui/utils/auth.py b/backend/open_webui/utils/auth.py index b379328db1..2b0cfa9792 100644 --- a/backend/open_webui/utils/auth.py +++ b/backend/open_webui/utils/auth.py @@ -1,5 +1,6 @@ from __future__ import annotations +import asyncio import base64 import hashlib import hmac @@ -160,8 +161,6 @@ bearer_security = HTTPBearer(auto_error=False) async def get_password_hash(password: str) -> str: """Hash a password using bcrypt in a thread pool (non-blocking).""" - import asyncio - return (await asyncio.to_thread(bcrypt.hashpw, password.encode('utf-8'), bcrypt.gensalt())).decode('utf-8') @@ -179,15 +178,15 @@ def validate_password(password: str) -> bool: return True -def verify_password(plain_password: str, hashed_password: str) -> bool: - """Verify a password against its hash""" - return ( - bcrypt.checkpw( - plain_password.encode('utf-8'), - hashed_password.encode('utf-8'), - ) - if hashed_password - else None +async def verify_password(plain_password: str, hashed_password: str) -> bool: + """Verify a password using bcrypt in a thread pool.""" + if not hashed_password: + return False + + return await asyncio.to_thread( + bcrypt.checkpw, + plain_password.encode('utf-8'), + hashed_password.encode('utf-8'), )