fix: resolve AttributeError in User model and ensure consistent password handling

- Fixed the `AttributeError: 'User' object has no attribute '_password'` by properly mapping the `_password` attribute to the `password` column in the database. - Updated the `User` model to ensure passwords are only hashed once during creation and not re-hashed when retrieved or updated. - Improved the `check_password` method to correctly compare hashed passwords. - Verified the signup and login flow to ensure consistent behavior
2025-02-15 22:42:50 -06:00 · 2025-02-15 22:42:50 -06:00 · 4a4d693d72
commit 4a4d693d72
parent d13c5885d8
4 changed files with 36 additions and 19 deletions
--- a/models/User/user.py
+++ b/models/User/user.py
@ -1,22 +1,23 @@
-from models import db
 from werkzeug.security import generate_password_hash, check_password_hash
+from models import db

 class User(db.Model):
    __tablename__ = 'users'
    
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
-    password = db.Column(db.String(128), nullable=False)
+    _password = db.Column("password", db.String(255), nullable=False)    
    
-    def __init__(self, username, password, hash_password=True):
-        self.username = username
-        if hash_password:
-            self.password = generate_password_hash(password, method="pbkdf2:sha256")
+    @property
+    def password(self):
+        return self._password
+
+    @password.setter
+    def password(self, raw_password):
+        if not raw_password.startswith("pbkdf2:sha256:"):
+            self._password = generate_password_hash(raw_password)
        else:
-            self.password = password
+            self._password = raw_password

    def check_password(self, password):
-        return check_password_hash(self.password, password)
-    
-    def __repr__(self):
-        return f"<User {self.username}>"
+        return check_password_hash(self._password, password)
--- a/routes/user_auth/auth.py
+++ b/routes/user_auth/auth.py
@ -1,5 +1,5 @@
 # routes/auth.py
-from flask import Blueprint, request, jsonify
+from flask import Blueprint, request, jsonify, session
 from services.UserService.user import UserService

 auth_bp = Blueprint('auth', __name__)
@ -17,8 +17,20 @@ def signup():
@auth_bp.route('/login', methods=['POST'])
 def login():
    data = request.get_json()
+    username = data.get('username')
+    password = data.get('password')
+    
+    print(f"Login attempt: username={username}, password={password}")
+     
    try:
        user = user_service.verify_user(data['username'], data['password'])
+        session['user_id'] = user.id
        return jsonify({"message": "Login successful", "user_id": user.id}), 200
    except ValueError as e:
+        print(f"Login failed: {str(e)}")
        return jsonify({"error": str(e)}), 401
+    
+@auth_bp.route('/logout', methods=['POST'])
+def logout():
+    session.clear()
+    return jsonify({"message": "Logout successful"}), 200
--- a/server.py
+++ b/server.py
@ -10,6 +10,7 @@ load_dotenv()
 app = Flask(__name__)
 CORS(app)

+app.secret_key = os.getenv('SECRET_KEY')
 app.config['SQLALCHEMY_DATABASE_URI'] = os.getenv('DATABASE')
 app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False

--- a/services/UserService/user.py
+++ b/services/UserService/user.py
@ -1,27 +1,30 @@
 from models.User.user import User, db
-from werkzeug.security import generate_password_hash, check_password_hash

 class UserService:
    def create_user(self, username, password):
        if not username or not password:
-            return jsonify({"error": "Username and password are required"}), 400
+            raise ValueError("Username and password are required")
        
        if len(username) < 3 or len(password) < 8:
-            return jsonify({"error": "Username must be at least 3 characters and password must be at least 8 characters."}), 400
-
+            raise ValueError("Username must be at least 3 characters and password must be at least 8 characters.")
        
        existing_user = User.query.filter_by(username=username).first()
        if existing_user:
            raise ValueError("User already exists")
        
-        hashed_password = generate_password_hash(password)
-        new_user = User(username=username, password=hashed_password)
+        new_user = User(username=username, password=password)
        db.session.add(new_user)
        db.session.commit()
        return new_user

    def verify_user(self, username, password):
        user = User.query.filter_by(username=username).first()
-        if not user or not user.check_password(password):
+        if not user:
+            print(f"User not found: {username}")
            raise ValueError("Invalid username or password")
+        
+        if not user.check_password(password):
+            raise ValueError("Invalid username or password")
+        
+        print(f"User verified: {username}")
        return user