Add robustness to password check

miguelgrinberg · Apr 21, 2016 · 051fd88 · 051fd88
1 parent efc3c72
commit 051fd88
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/flask_httpauth.py b/flask_httpauth.py
@@ -126,7 +126,8 @@ def authenticate(self, auth, stored_password):
             except TypeError:
                 client_password = self.hash_password_callback(username,
                                                               client_password)
-        return client_password == stored_password
+        return client_password is not None and \
+            client_password == stored_password
 
 
 class HTTPDigestAuth(HTTPAuth):