From 4e8a67aa54c73d98ba34dc3132ab62cd48b45109 Mon Sep 17 00:00:00 2001
From: Ethan Dalool <git@voussoir.net>
Date: Fri, 16 Feb 2018 18:40:57 -0800
Subject: [PATCH] Avoid sql indexing by instantiating User earlier.

---
 etiquette/objects.py | 1 +
 etiquette/photodb.py | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/etiquette/objects.py b/etiquette/objects.py
index 7293eeb..2a21c3e 100644
--- a/etiquette/objects.py
+++ b/etiquette/objects.py
@@ -1293,6 +1293,7 @@ class User(ObjectBase):
         self.id = db_row['id']
         self.username = db_row['username']
         self.created = db_row['created']
+        self.password_hash = db_row['password']
 
     def __repr__(self):
         rep = 'User:{id}:{username}'.format(id=self.id, username=self.username)
diff --git a/etiquette/photodb.py b/etiquette/photodb.py
index fc9b586..54460d6 100644
--- a/etiquette/photodb.py
+++ b/etiquette/photodb.py
@@ -878,13 +878,13 @@ class PDBUserMixin:
         if not isinstance(password, bytes):
             password = password.encode('utf-8')
 
-        stored_password = fetch[constants.SQL_USER['password']]
+        user = objects.User(self, fetch)
 
-        success = bcrypt.checkpw(password, stored_password)
+        success = bcrypt.checkpw(password, user.password_hash)
         if not success:
             raise exceptions.WrongLogin()
 
-        return objects.User(self, fetch)
+        return user
 
     @decorators.required_feature('user.new')
     @decorators.transaction