Python Forum
bcrypt passwords failed [SOLVED] - Printable Version

+- Python Forum (
+-- Forum: Python Coding (
+--- Forum: Web Scraping & Web Development (
+--- Thread: bcrypt passwords failed [SOLVED] (/Thread-bcrypt-passwords-failed-SOLVED)

bcrypt passwords failed [SOLVED] - IMuriel - Jan-11-2019

Hello, im new at python so im folowing a course wich is a little bit outdated, so i already have a database with an "author" table, and im encoding the password input when the author had register
with the following code

@app.route('/setup', methods=('GET', 'POST'))
def setup():
        error = ""
        form = SetUpForm()
        if form.validate_on_submit():
                salt = bcrypt.gensalt()
                hashed_password = bcrypt.hashpw('utf8'), salt)  # noqa: E501
                author = Author(
                        blog = Blog(
                        error = "Error creating user"
                if and
                        flash(" Blog created ")
                        return redirect(url_for('admin'))
                        error = "Error creating blog "  # noqa : F841
        return render_template('blog/setup.html', form=form)

so far evrything is correct, because if i use
SELECT * from author; i can see the record taht i just registered with an ecripted password
so the problem happens when i try to login with the following code


   @app.route('/login', methods=('GET', 'POST'))
def login():
        form = LoginForm()
        error = None
        if request.method == 'GET' and request.args.get('next'):
                session['next'] = request.args.get('next', None)

        if form.validate_on_submit():
                authors = Author.query.filter_by(
                if authors.count():
                        author = authors[0]
                        # encripta la contraseƱa del formulario, y la comprueba con lo que esta en la bd # noqa: E501
                        if bcrypt.hashpw('utf8'), author.password.encode('utf8')) == author.password:  # noqa: E501
                                session['username'] =
                                if 'next' in session:
                                        next = session.get('next')
                                        return redirect(next)
                                        return redirect(url_for('login_success'))  # noqa: E501
                                return redirect(url_for('login_success'))
                                error = " incorrect password "
                        error = "Incorrect username and password "
        return render_template('author/login.html', form=form, error=error)

the code does not crash, but im reciving the "incorrect password" error, so seems like something is wrtong with this line
 if bcrypt.hashpw('utf8'), author.password.encode('utf8')) == author.password:  # noqa: E501 
hope you can help me, tahanks a lot Big Grin

ps: im pretty sure that im introducing the correct password

[SOLVED] i just added .encode('utf8') to the author.password as well

if bcrypt.hashpw('utf8'), author.password.encode('utf8')) == author.password.encode('utf8'):  # noqa: E501
looking for comments if that is the correct and secure way to do this :D

RE: bcrypt passwords failed [SOLVED] - nilamo - Jan-16-2019

That depends, what does bcyrpt.haspw() return? As long as you're storing the hashed password, it should be fine.

And thanks for letting us know what the issue was :)