How do I securely verify a user's password before making sensitive changes (e.g., email update, addresses) using fastapi-users? #1525

striker561 · 2025-08-07T15:06:36Z

striker561
Aug 7, 2025

I'm using fastapi-userssqlalchemy and I've created a custom AuthenticationManager that extends BaseUserManager. I want to confirm a user's password before allowing them to update their email, delete their account, or perform other sensitive actions.

Is there a built-in method to validate a user's password against the hashed version stored in the database?

Answered by hgalytoby

Aug 8, 2025

class UserManager(BaseUserManager):
    ...

    async def func(password: str, user: User):
        verified, _ = self.password_helper.verify_and_update(
            password, user.hashed_password
        )

View full answer

hgalytoby · 2025-08-08T06:07:23Z

hgalytoby
Aug 8, 2025

class UserManager(BaseUserManager):
    ...

    async def func(password: str, user: User):
        verified, _ = self.password_helper.verify_and_update(
            password, user.hashed_password
        )

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

How do I securely verify a user's password before making sensitive changes (e.g., email update, addresses) using fastapi-users? #1525

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

Uh oh!

How do I securely verify a user's password before making sensitive changes (e.g., email update, addresses) using fastapi-users? #1525

Uh oh!

striker561 Aug 7, 2025

Replies: 1 comment

Uh oh!

Uh oh!

hgalytoby Aug 8, 2025

striker561
Aug 7, 2025

hgalytoby
Aug 8, 2025