unable to compare password using firebase admin sdk in python

0
votes

I am using admin-SDK of firebase in python

I have created a new user using the following code

user = auth.create_user(
        email=email,
        email_verified=False,
        password=password,
        display_name=name,
        disabled=False)

now I have created a function that takes name , _email id _ and password from the user and fetch user using it's email id and then checks if entered details are correct.

def check_user(self, name, email, password):  # fixme compare password
    user = auth.get_user_by_email(email)
    if user.display_name == name and user.email == email:# add password comparision
        print('successful login')
        return True
    else:
        print('username or password incorrect')
    return False

I want to compare password entered with the password stored, but I am unable to compare as I can't access password, I can only access passwordHash using user.passwordHash and passwordSalt using user.passwordSalt.

is there any away I can find passwordHash or passwordSalt of password so I can compare the hashes.

2
pythonfirebasefirebase-authenticationfirebase-admingoogle-admin-sdk
If you're using Firebase Authentication, why are you trying to compare the password. That's Firebase Authentication's job, isn't it? - Frank van Puffelen
I am using firebase's admin-SDK, it has API's to create and fetch user data but no API is available for verification of the password, maybe I am missing it, please tell is there is an API for user login authentication in firebase's admin-SDK - Aryan Pegwar

2 Answers

0
votes

The usual flow when using Firebase Authentication is that your users sign in with client-side code that uses a Firebase SDK directly. So in that case, Firebase itself would be performing the check whether the password is correct.

You can perform the check yourself, but you'll have to hash the plaintext password from the user in your code and then compare the stored and calculated hash values, essentially duplicating what Firebase already does. Firebase uses a modified version of scrypt to encrypt the passwords.

0
votes

There's a library called pyrebase. You can use it to mimic client in server. Simply use sign_in_with_email_and_password(email, password) once you initiate the pyrebase object.

GitHub url: https://github.com/thisbejim/Pyrebase