
Password Utilities

hash(password, password_salt, password_pepper)

Hashes password with salt and pepper using Argon2id.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| password | SecretStr | Password to hash. | required |
| password_salt | SecretStr | Salt to hash password with. | required |
| password_pepper | SecretStr | Pepper to hash password with. | required |

Returns:

| Type | Description |
|---|---|
| str | Hashed password. |

Source code in src/potato_util/crypto/password.py
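```python
from argon2 import PasswordHasher
from pydantic import SecretStr, validate_call


@validate_call
def hash(
    password: SecretStr, password_salt: SecretStr, password_pepper: SecretStr
) -> str:
    """Hashes password with salt and pepper using Argon2id.

    Args:
        password        (SecretStr, required): Password to hash.
        password_salt   (SecretStr, required): Salt to hash password with.
        password_pepper (SecretStr, required): Pepper to hash password with.

    Returns:
        str: Hashed password.
    """

    # PasswordHasher() uses the argon2-cffi defaults and also generates its own
    # random per-hash salt, which is embedded in the encoded output.
    _ph = PasswordHasher()
    # Plain concatenation: the boundaries between the three fields are not encoded.
    _seasoned_password = (
        password.get_secret_value()
        + password_salt.get_secret_value()
        + password_pepper.get_secret_value()
    )
    _hash_password = _ph.hash(_seasoned_password)
    return _hash_password
```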

verify(hashed_password, password, password_salt, password_pepper)

Verifies password with salt and pepper against hashed password using Argon2id.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| hashed_password | str | Hashed password. | required |
| password | SecretStr | Raw password to verify. | required |
| password_salt | SecretStr | Salt to verify password with. | required |
| password_pepper | SecretStr | Pepper to verify password with. | required |

Returns:

| Type | Description |
|---|---|
| bool | True if the password matches, False otherwise. |

Source code in src/potato_util/crypto/password.py
```python
from argon2 import PasswordHasher
from argon2.exceptions import VerifyMismatchError
from pydantic import SecretStr, validate_call


@validate_call
def verify(
    hashed_password: str,
    password: SecretStr,
    password_salt: SecretStr,
    password_pepper: SecretStr,
) -> bool:
    """Verifies password with salt and pepper against hashed password using Argon2id.

    Args:
        hashed_password (str      , required): Hashed password.
        password        (SecretStr, required): Raw password to verify.
        password_salt   (SecretStr, required): Salt to verify password with.
        password_pepper (SecretStr, required): Pepper to verify password with.

    Returns:
        bool: True if the password matches, False otherwise.
    """

    _ph = PasswordHasher()
    # Must rebuild the input exactly as hash() does: password + salt + pepper.
    _seasoned_password = (
        password.get_secret_value()
        + password_salt.get_secret_value()
        + password_pepper.get_secret_value()
    )

    # Only a mismatch is mapped to False; other argon2 exceptions
    # (for example a malformed hashed_password) propagate to the caller.
    try:
        _ph.verify(hashed_password, _seasoned_password)
        return True
    except VerifyMismatchError:
        return False
```
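
Both `hash` and `verify` above build the Argon2id input by concatenating password, salt and pepper with no delimiters, so different splits of the same characters yield the same input. The following added example (not part of potato_util) shows that collision next to one unambiguous alternative, an HMAC-SHA256 keyed with the pepper over length-prefixed fields, using only the standard library. The names `seasoned_concat`, `seasoned_hmac`, `_field`, `collides` and the sample triples are hypothetical and constructed for illustration.

```python
import hashlib
import hmac


def seasoned_concat(password: str, salt: str, pepper: str) -> str:
    """Mirrors the page's hash()/verify(): plain concatenation, no delimiters."""
    return password + salt + pepper


def _field(value: str) -> bytes:
    """Encode one field as a 4-byte big-endian length followed by its UTF-8 bytes."""
    raw = value.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def seasoned_hmac(password: str, salt: str, pepper: str) -> str:
    """Hypothetical alternative: HMAC-SHA256 keyed with the pepper over
    length-prefixed password and salt, so field boundaries are unambiguous.
    The hex digest is what would be handed to the Argon2id hasher."""
    message = _field(password) + _field(salt)
    return hmac.new(pepper.encode("utf-8"), message, hashlib.sha256).hexdigest()


def collides(fn, a: tuple, b: tuple) -> bool:
    """True when two distinct (password, salt, pepper) triples give the same input."""
    return a != b and fn(*a) == fn(*b)


# Constructed sample values: the same characters with the field boundary moved.
TRIPLE_A = ("hunter2", "abc", "PEPPER")
TRIPLE_B = ("hunter2a", "bc", "PEPPER")   # boundary shifted between password and salt
TRIPLE_C = ("hunter2", "abcP", "EPPER")   # boundary shifted between salt and pepper

if __name__ == "__main__":
    for other in (TRIPLE_B, TRIPLE_C):
        print(
            other,
            "| concat collides:", collides(seasoned_concat, TRIPLE_A, other),
            "| hmac collides:", collides(seasoned_hmac, TRIPLE_A, other),
        )
```

Switching the pre-hash step changes the value fed to Argon2id, so hashes stored with the concatenation scheme would not verify under the HMAC scheme without a migration path.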