Skip to content

Login Functionality Using Python [VALI-004] #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Sindhu1702013 merged 2 commits into from
Feb 2, 2026
Merged

Login Functionality Using Python [VALI-004] #3

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
29ebe44
Login Functionality
Sindhu1702013 Feb 2, 2026
5059c5f
Update Programs/login.py
Sindhu1702013 Feb 2, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
__pycache__
.appmodconfig
32 changes: 32 additions & 0 deletions Programs/login.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
class LoginSystem:
def __init__(self):
self.valid_email = os.getenv("VALID_EMAIL")
self.valid_password = os.getenv("VALID_PASSWORD")
Comment on lines +3 to +4
Copy link
Contributor

@appmod-pr-genie appmod-pr-genie bot Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

JAS Confidence Score: 100%

JAS - Just a suggestion
New Environment Variables Require Configuration

This is a great improvement for security! I see you've added VALID_EMAIL and VALID_PASSWORD as environment variables. This is an informational note to ensure these variables are configured in the CI/CD pipeline and any deployment environments (staging, production). The deployment will fail if these are not set.

self.failed_attempts = 0
self.locked = False

def login(self, email, password):
Copy link
Contributor

@appmod-pr-genie appmod-pr-genie bot Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Warning Confidence Score: 80% View Citation

Boolean-Returning Function Without Prefix

The login method returns boolean-like success/failure indicators (or strings acting as such) but lacks a boolean prefix like is_ or can_. Additionally, it performs state updates (failed_attempts), which may be misleading for a simple check.

Suggested change
def login(self, email, password):
def attempt_login(self, email, password):
Reasons & Gaps

Reasons

  1. Function names should clearly indicate if they return a status or perform an action
  2. Adding a verb like 'attempt' or a prefix clarifies that the logic involves validation
  3. Improves maintainability by aligning the name with the internal state changes

Gaps

  1. The function returns strings instead of raw booleans, which makes the prefix rule slightly ambiguous
  2. 'login' is a common industry term that often implies both checking and performing the action

if self.locked:
return "Account is locked. Contact support."

if email == self.valid_email and password == self.valid_password:
Copy link
Contributor

@appmod-pr-genie appmod-pr-genie bot Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Critical Confidence Score: 90%

Security Risk: Insecure Password Comparison

We're using a direct equality check (==) for password validation. This is vulnerable to timing attacks and assumes passwords are stored in plaintext. In a real application, we should always store passwords as hashes and use a constant-time comparison function like secrets.compare_digest or a dedicated library like bcrypt to verify them.

Suggested change
if email == self.valid_email and password == self.valid_password:
if email == self.valid_email and secrets.compare_digest(password, self.valid_password):
Reasons & Gaps

Reasons

  1. Standard string comparison is not constant-time, potentially leaking password information
  2. Direct comparison implies plaintext storage which is a major security failure
  3. Using specialized comparison functions prevents side-channel timing attacks

Gaps

  1. The suggestion assumes the use of the 'secrets' module which requires an import not present in the diff
  2. Standard equality is functionally correct but cryptographically insecure

self.failed_attempts = 0
return "Login Successful ✅"

else:
self.failed_attempts += 1

if self.failed_attempts >= 3:
self.locked = True
return "Account locked due to 3 failed attempts ❌"

return f"Invalid credentials. Attempts left: {3 - self.failed_attempts}"

# ----- Testing the function -----

app = LoginSystem()
Copy link
Contributor

@appmod-pr-genie appmod-pr-genie bot Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

JAS Confidence Score: 75% View Citation

JAS - Just a suggestion
Vague Generic Variable Name

The variable name app is generic. Using a more descriptive name like login_manager or auth_system better reflects the class it instantiates.

Suggested change
app = LoginSystem()
login_system = LoginSystem()
Reasons & Gaps

Reasons

  1. Generic names like 'app' provide little context about the object's specific role
  2. Descriptive names reduce cognitive load when the codebase grows in complexity
  3. 'login_system' explicitly links the instance to its class purpose

Gaps

  1. In small scripts or entry points, 'app' is a very common convention for the main object
  2. The context of a 30-line script makes the purpose of 'app' relatively obvious


print(app.login("wrong@test.com", "123")) # Test case 1
print(app.login("wrong@test.com", "123")) # Test case 2
print(app.login("wrong@test.com", "123")) # Test case 3 (locks account)
print(app.login("user@test.com", "Password@123")) # Should fail because account is locked
Loading