1from .hashers import check_password, hash_password
 2
 3
 4def check_user_password(user, password):
 5    # Run the default password hasher once to reduce the timing
 6    # difference between an existing and a nonexistent user (#20760).
 7    hash_password(password)
 8
 9    # Update the stored hashed password if the hashing algorithm changed
10    def setter(raw_password):
11        user.password = raw_password
12        user.save(update_fields=["password"])
13
14    password_is_correct = check_password(password, user.password, setter)
15
16    return password_is_correct