check_password_with_timing_attack_mitigation
Checks password against the user's hash if there is a user, otherwise runs the default password hasher to prevent user enumeration attacks (#20760).
```
def check_password_with_timing_attack_mitigation(
    user: User,
    password: string
) -> boolean
```
Parameters
| Name | Type | Description |
|---|---|---|
| user | User | The user object instance to validate the password against, or None to trigger the timing attack mitigation. |
| password | string | The raw password string to be verified against the stored hash. |
Returns
| Type | Description |
|---|---|
| boolean | True if the password matches the user's hash, False otherwise; returns None if no user is provided after running the dummy hasher. |
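
The following added example (not the project's own code) shows why the dummy hasher run matters: it counts the expensive hash computations performed by an early-return check and by a check that follows the behaviour documented above. The PBKDF2 parameters, the `User` stand-in, and the names `check_password_naive`, `check_password_mitigated` and `hash_work` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor for this sketch
hash_calls = 0       # counts expensive hash computations

def _pbkdf2(password, salt, iterations):
    global hash_calls
    hash_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def make_hash(password):
    salt = os.urandom(16)
    return f"{ITERATIONS}${salt.hex()}${_pbkdf2(password, salt, ITERATIONS).hex()}"

def verify_hash(password, encoded):
    iterations, salt_hex, digest_hex = encoded.split("$")
    candidate = _pbkdf2(password, bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison of the derived digest with the stored one.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

class User:  # hypothetical stand-in for the real user model
    def __init__(self, name, password):
        self.name = name
        self.password_hash = make_hash(password)

def check_password_naive(user, password):
    # Early return: an unknown account answers without any hashing,
    # so response time reveals whether the account exists.
    if user is None:
        return None
    return verify_hash(password, user.password_hash)

def check_password_mitigated(user, password):
    # Unknown account: run the hasher anyway and discard the result,
    # so both paths cost one full hash computation.
    if user is None:
        make_hash(password)
        return None
    return verify_hash(password, user.password_hash)

def hash_work(check, user, password):
    """Return (result, number of hash computations the call performed)."""
    before = hash_calls
    result = check(user, password)
    return result, hash_calls - before
```

Comparing `hash_work(check_password_naive, None, "x")` with `hash_work(check_password_mitigated, None, "x")` shows the work difference directly, without relying on noisy wall-clock measurements.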