bcrypt passwords failed [SOLVED]
#1
Hello, I'm new at Python so I'm following a course which is a little bit outdated. I already have a database with an "author" table, and I'm encoding the password input when the author has registered
with the following code

@app.route('/setup', methods=('GET', 'POST'))
def setup():
        error = ""
        form = SetUpForm()
        if form.validate_on_submit():
                salt = bcrypt.gensalt()
                hashed_password = bcrypt.hashpw(form.password.data.encode('utf8'), salt)  # noqa: E501
                author = Author(
                        form.fullname.data,
                        form.email.data,
                        form.username.data,
                        hashed_password,
                        True
                )
                db.session.add(author)
                db.session.flush()
                if author.id:
                        blog = Blog(
                                form.name.data,
                                author.id
                        )
                        db.session.add(blog)
                        db.session.flush()
                else:
                        db.session.rollback()
                        error = "Error creating user"
                if author.id and blog.id:
                        db.session.commit()
                        flash(" Blog created ")
                        return redirect(url_for('admin'))
                else:
                        db.session.rollback()
                        error = "Error creating blog "  # noqa : F841
        return render_template('blog/setup.html', form=form)


So far everything is correct, because if I use
SELECT * from author; I can see the record that I just registered with an encrypted password.
The problem happens when I try to log in with the following code

 

@app.route('/login', methods=('GET', 'POST'))
def login():
        form = LoginForm()
        error = None
        if request.method == 'GET' and request.args.get('next'):
                session['next'] = request.args.get('next', None)

        if form.validate_on_submit():
                authors = Author.query.filter_by(
                        username=form.username.data,
                ).limit(1)
                if authors.count():
                        author = authors[0]
                        # hashes the form password and compares it with what is in the db  # noqa: E501
                        if bcrypt.hashpw(form.password.data.encode('utf8'), author.password.encode('utf8')) == author.password:  # noqa: E501
                                session['username'] = form.username.data
                                if 'next' in session:
                                        next = session.get('next')
                                        session.pop('next')
                                        return redirect(next)
                                else:
                                        return redirect(url_for('login_success'))  # noqa: E501
                                return redirect(url_for('login_success'))
                        else:
                                error = " incorrect password "
                else:
                        error = "Incorrect username and password "
        return render_template('author/login.html', form=form, error=error)

 
The code does not crash, but I'm receiving the "incorrect password" error, so it seems like something is wrong with this line
 if bcrypt.hashpw(form.password.data.encode('utf8'), author.password.encode('utf8')) == author.password:  # noqa: E501 
Hope you can help me, thanks a lot :D

PS: I'm pretty sure that I'm entering the correct password

[SOLVED] I just added .encode('utf8') to the author.password as well

  
if bcrypt.hashpw(form.password.data.encode('utf8'), author.password.encode('utf8')) == author.password.encode('utf8'):  # noqa: E501
Looking for comments on whether that is the correct and secure way to do this :D
#2
That depends, what does bcrypt.hashpw() return? As long as you're storing the hashed password, it should be fine.

And thanks for letting us know what the issue was :)