Verify Password of Selected User | new password function on mariadb?

I have a document in which has a button which opens a dialog box asking for password verification to set a check field ,

But not the password for the current user , its basically the supervisor , so he will select his user name(from drop down) and enter password , if verified --success ,–

So i connot use the frappe.verify_password function as it verifies current users password .
i did it in the old version using a verification from db queries , below was y function .

@frappe.whitelist()
def dis_auth(user,password):
	manager=frappe.db.sql("select u.name from tabUser u, `tabHas Role` ur where u.name=ur.parent and ur.role='Sales Master Manager' and u.name='%s'"%(user))
	if manager:
		auth = frappe.db.sql("""select name, `password`, salt from `__Auth`
			where doctype='User' and fieldname='password' and encrypted=0 and name='%s'
			and (
				(salt is null and `password`=password('%s'))
				or `password`=password(concat('%s', salt))
			)"""%(user,password,password), as_dict=True)
		if auth:
			return "Yes"
		else:
			frappe.msgprint("Invalid Password.")
			return "No"
	frappe.msgprint("Selected User is not Sales Master Manager")
	return "No"

and it worked perfectly, the but db structure has changed ,
and the query
frappe.db.sql("""select name, `password`, salt from `__Auth` where doctype='User' and fieldname='password' and encrypted=0 and name='%s' and ( (salt is null and `password`=password('%s')) or `password`=password(concat('%s', salt)) )"""%(user,password,password), as_dict=True)

does not work anymore , even though i added the salt column again , i think the encryption is handled in the password () is different from how User passwords are encrypted in db currently .

as i tested in the bench mariadb , the password function uses mda5 or sha1 , while all the passwords in the password field of auth table are encrypted in sha256 .

So

  1. How can i verify if a password is similar to one in database ?
  2. is there any easier way to achieve this now , or this is way is already optimal ?

Thanks

Is there no possible solution for it ,
how can i get authentication of a say sales manager for a specific thing ?

like in prev version , discount on sales invoice needs to be approved by the manager , so on pressing button , manager will put his userid and password ,
which was getting validated from above function , it does not work any more .

any alternative way i can achieve this verification ?

Hi,

I think check_password function is what you are looking for.

Im trying to achieve the same thing using client script but no luck. Any solution to this?

Here is the check password function that I used for my project

def check_password(user, pwd, doctype=‘User’, fieldname=‘password’):
‘’‘Checks if user and password are correct, else raises frappe.AuthenticationError’’’

auth = frappe.db.sql("""select `name`, `password` from `__Auth`
	where `doctype`=%(doctype)s and `name`=%(name)s and `fieldname`=%(fieldname)s and `encrypted`=0""",
	{'doctype': doctype, 'name': user, 'fieldname': fieldname}, as_dict=True)

if not auth or not passlibctx.verify(pwd, auth[0].password):
	frappe.msgprint("Incorrect User or Password", raise_exception=True)

return user

@sione
This function written in server script?

do you have any idea how to link it to client script?

this is how I call the server script.

if (frappe.user.has_role("System Manager")){
	alert(current_action)
    //your own event here
	return;
} else {
	var me = this;
	let d = new frappe.ui.Dialog({
		title: 'Supervisor Authorization',
		fields: [{
				label: 'Supervisor',
				fieldname: 'supervisor_name',
				fieldtype: 'Link',
				options: "User",
				"get_query": function () {
					return {
						query:".......api.get_all_supervisors"
					}
				},
				reqd: 1
			},
			{
				label: 'Password',
				fieldname: 'password',
				fieldtype: 'Password',
				reqd: 1
			},
		],
		primary_action_label: 'Submit',
		primary_action(values) {
			frappe.call({
				method: ".......api.check_password",
				args: {
					'user': values.supervisor_name,
					'pwd': values.password,
					'doctype': "User",
					'filedname': "password"
			},
					callback: function(r) {
                    //Your own event here
					d.hide();
						return;
				},
				error: function() {
				}
			})
		}
	});
d.show();

}