Re-type password-validation to confirm important actions

Sometimes it is required to prove that the logged user is performing this important action by re-typing the password. For example signing PDF or confriming that you read the information.

Could you please add simple function that allow us to verify the typed password with the hashed saved password in users table and return True or False?

1 Like

You should be able to make this function yourself, or if you wish to use the users service entirely, you could just force a logout, and run the user log in prompt again.

In the server module:

import bcrypt

def validate_user_pass(input_password):
  user_pw_hash = anvil.users.get_user()['password_hash']
  if bcrypt.checkpw(input_password.encode(), user_pw_hash.encode()):
    print("It matched!")
    return True
    print("It didn't match")
    return False

A call to the users row is a round trip to the server module anyway, and the plain text server calls are already encrypted with https, so there is no reason why you should only want this done on the client side.

However if you still did want client side only, you would have to use the javascript version of the bcrypt library with anvil.js, since bcrypt is not available in skulpt.

1 Like