From 7e96e345a2a6aa520c70a5e17ee24a30452e8e52 Mon Sep 17 00:00:00 2001
From: Daniel Vaz Gaspar <danielvazgaspar@gmail.com>
Date: Mon, 20 Jan 2025 13:15:57 +0000
Subject: [PATCH] feat: make fake password hash check configurable (#2301)

---
 flask_appbuilder/security/manager.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/flask_appbuilder/security/manager.py b/flask_appbuilder/security/manager.py
index d046eec9f0..4ba4afada0 100644
--- a/flask_appbuilder/security/manager.py
+++ b/flask_appbuilder/security/manager.py
@@ -229,6 +229,12 @@ def __init__(self, appbuilder):
         app.config.setdefault("AUTH_ROLES_MAPPING", {})
         app.config.setdefault("AUTH_ROLES_SYNC_AT_LOGIN", False)
         app.config.setdefault("AUTH_API_LOGIN_ALLOW_MULTIPLE_PROVIDERS", False)
+        app.config.setdefault(
+            "AUTH_DB_FAKE_PASSWORD_HASH_CHECK",
+            "scrypt:32768:8:1$wiDa0ruWlIPhp9LM$6e409d093e62ad54df2af895d0e125b05ff6cf6414"
+            "8350189ffc4bcc71286edf1b8ad94a442c00f890224bf2b32153d0750c89ee9"
+            "401e62f9dcee5399065e4e5",
+        )
 
         # LDAP Config
         if self.auth_type == AUTH_LDAP:
@@ -968,8 +974,7 @@ def auth_user_db(self, username, password):
         if user is None or (not user.is_active):
             # Balance failure and success
             check_password_hash(
-                "pbkdf2:sha256:150000$Z3t6fmj2$22da622d94a1f8118"
-                "c0976a03d2f18f680bfff877c9a965db9eedc51bc0be87c",
+                self.appbuilder.get_app.config["AUTH_DB_FAKE_PASSWORD_HASH_CHECK"],
                 "password",
             )
             log.info(LOGMSG_WAR_SEC_LOGIN_FAILED, username)