From 162dcf05e31e7aeda024e270ed7004f7caee650f Mon Sep 17 00:00:00 2001
From: Joseph Schorr <joseph.schorr@coreos.com>
Date: Fri, 22 May 2015 16:26:26 -0400
Subject: [PATCH] Have the verifyUser endpoint use the same
 confirm_existing_user method

This will prevent us from encountering the same problem as the generated encrypted password issue when using LDAP
---
 endpoints/api/user.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/endpoints/api/user.py b/endpoints/api/user.py
index 161c97c88..2d17073aa 100644
--- a/endpoints/api/user.py
+++ b/endpoints/api/user.py
@@ -537,7 +537,17 @@ class VerifyUser(ApiResource):
     """ Verifies the signed in the user with the specified credentials. """
     signin_data = request.get_json()
     password = signin_data['password']
-    return conduct_signin(get_authenticated_user().username, password)
+
+    username = get_authenticated_user().username
+    (result, error_message) = authentication.confirm_existing_user(username, password)
+    if not result:
+      return {
+        'message': error_message,
+        'invalidCredentials': True,
+      }, 403
+
+    common_login(result)
+    return {'success': True}
 
 
 @resource('/v1/signout')