0

I am using the Firebase Admin SDK in Python.

I have created a new user using the following code:

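```python
from firebase_admin import auth

# Create an email/password account with the Admin SDK
user = auth.create_user(
    email=email,
    email_verified=False,
    password=password,
    display_name=name,
    disabled=False)
```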

Now I have created a function that takes the name, email ID and password from the user, fetches the user by its email ID, and then checks whether the entered details are correct.

```python
def check_user(self, name, email, password):  # FIXME: compare password
    user = auth.get_user_by_email(email)
    if user.display_name == name and user.email == email:  # add password comparison
        print('successful login')
        return True
    else:
        print('username or password incorrect')
    return False
```

I want to compare password entered with the password stored, but I am unable to compare as I can't access password, I can only access passwordHash using user.passwordHash and passwordSalt using user.passwordSalt.

Is there any way I can find the passwordHash or passwordSalt of the password so I can compare the hashes?

  • If you're using Firebase Authentication, why are **you** trying to compare the password? That's Firebase Authentication's job, isn't it? – Frank van Puffelen May 31 '20 at 14:27
  • I am using Firebase's Admin SDK. It has APIs to create and fetch user data, but no API is available for verification of the password. Maybe I am missing it; please tell me if there is an API for user login authentication in Firebase's Admin SDK. – Aryan Pegwar Jun 01 '20 at 16:43

3 Answers

0

The usual flow when using Firebase Authentication is that your users sign in with client-side code that uses a Firebase SDK directly. So in that case, Firebase itself would be performing the check whether the password is correct.

You can perform the check yourself, but you'll have to hash the plaintext password from the user in your code and then compare the stored and calculated hash values, essentially duplicating what Firebase already does. Firebase uses a modified version of scrypt to encrypt the passwords.

Frank van Puffelen
  • I am using Firebase's Admin SDK. It has APIs to create and fetch user data, but no API is available for verification of the password. Maybe I am missing it; please tell me if there is an API for user login authentication in Firebase's Admin SDK. – Aryan Pegwar Jun 01 '20 at 16:44
  • The expected flow is that you let the Firebase client-side SDK send the password to the server to authenticate the user, instead of intercepting it yourself. You *can* still do the sign-up in your back-end, just not the sign-in. If you also want to do the sign-in yourself, you'll have to hash the password. See the second paragraph of my answer. – Frank van Puffelen Jun 01 '20 at 18:17
0

There's a library called pyrebase. You can use it to mimic a client on the server. Simply use `sign_in_with_email_and_password(email, password)` once you initiate the pyrebase object.

GitHub URL: https://github.com/thisbejim/Pyrebase

S. Hwang
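An added example (not code from the question or the answers) of letting Firebase itself check the password from a Python back end, by calling the Firebase Auth REST endpoint `accounts:signInWithPassword` instead of comparing hashes. The names `check_password`, `http_post_json`, `fake_post` and the `PLACEHOLDER_KEY` web API key are assumptions made here, and the fake transport is constructed so the example runs offline.

```python
import json
import urllib.error
import urllib.request

SIGN_IN_URL = "https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key={key}"
# Error messages that mean "wrong e-mail or password"; anything else is an operational failure.
BAD_CREDENTIALS = {"EMAIL_NOT_FOUND", "INVALID_PASSWORD", "INVALID_LOGIN_CREDENTIALS"}


def http_post_json(url, payload):
    """POST JSON and return (status, parsed_body); HTTP errors are returned, not raised."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)


def check_password(email, password, api_key, post=http_post_json):
    """Return the uid and ID token if Firebase accepts the password, else None."""
    status, body = post(SIGN_IN_URL.format(key=api_key),
                        {"email": email, "password": password, "returnSecureToken": True})
    if status == 200:
        return {"uid": body["localId"], "id_token": body["idToken"]}
    message = body.get("error", {}).get("message", "")
    # Messages can carry a suffix, e.g. "TOO_MANY_ATTEMPTS_TRY_LATER : ...".
    code = message.split(" ")[0]
    if code in BAD_CREDENTIALS:
        return None  # caller shows one generic "e-mail or password incorrect" message
    raise RuntimeError(f"Firebase sign-in failed: {code or status}")


def fake_post(url, payload):
    """Constructed stand-in for Firebase so the example runs offline."""
    if payload["password"] == "correct horse":
        return 200, {"localId": "uid-123", "idToken": "constructed.token"}
    return 400, {"error": {"code": 400, "message": "INVALID_PASSWORD"}}


if __name__ == "__main__":
    print(check_password("a@example.com", "correct horse", "PLACEHOLDER_KEY", post=fake_post))
    print(check_password("a@example.com", "wrong", "PLACEHOLDER_KEY", post=fake_post))
```

With the default transport, the returned ID token can be passed to the Admin SDK's `auth.verify_id_token` to confirm which user it was issued for.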
0

The Firebase Admin SDK for Python does not provide a way to compare passwords. However, there is a solution to confirm user authenticity.

This might be helpful: https://stackoverflow.com/a/71398321/9681645

ganiular