Hello, im new at python so im folowing a course wich is a little bit outdated, so i already have a database with an "author" table, and im encoding the password input when the author had register
with the following code
SELECT * from author; i can see the record taht i just registered with an ecripted password
so the problem happens when i try to login with the following code
ps: im pretty sure that im introducing the correct password
[SOLVED] i just added .encode('utf8') to the author.password as well
with the following code
@app.route('/setup', methods=('GET', 'POST'))
def setup():
error = ""
form = SetUpForm()
if form.validate_on_submit():
salt = bcrypt.gensalt()
hashed_password = bcrypt.hashpw(form.password.data.encode('utf8'), salt) # noqa: E501
author = Author(
form.fullname.data,
form.email.data,
form.username.data,
hashed_password,
True
)
db.session.add(author)
db.session.flush()
if author.id:
blog = Blog(
form.name.data,
author.id
)
db.session.add(blog)
db.session.flush()
else:
db.session.rollblack()
error = "Error creating user"
if author.id and blog.id:
db.session.commit()
flash(" Blog created ")
return redirect(url_for('admin'))
else:
db.session.rollback()
error = "Error creating blog " # noqa : F841
return render_template('blog/setup.html', form=form)so far evrything is correct, because if i useSELECT * from author; i can see the record taht i just registered with an ecripted password
so the problem happens when i try to login with the following code
@app.route('/login', methods=('GET', 'POST'))
def login():
form = LoginForm()
error = None
if request.method == 'GET' and request.args.get('next'):
session['next'] = request.args.get('next', None)
if form.validate_on_submit():
authors = Author.query.filter_by(
username=form.username.data,
).limit(1)
if authors.count():
author = authors[0]
# encripta la contraseƱa del formulario, y la comprueba con lo que esta en la bd # noqa: E501
if bcrypt.hashpw(form.password.data.encode('utf8'), author.password.encode('utf8')) == author.password: # noqa: E501
session['username'] = form.username.data
if 'next' in session:
next = session.get('next')
session.pop('next')
return redirect(next)
else:
return redirect(url_for('login_success')) # noqa: E501
return redirect(url_for('login_success'))
else:
error = " incorrect password "
else:
error = "Incorrect username and password "
return render_template('author/login.html', form=form, error=error)
the code does not crash, but im reciving the "incorrect password" error, so seems like something is wrtong with this line if bcrypt.hashpw(form.password.data.encode('utf8'), author.password.encode('utf8')) == author.password: # noqa: E501 hope you can help me, tahanks a lot ps: im pretty sure that im introducing the correct password
[SOLVED] i just added .encode('utf8') to the author.password as well
if bcrypt.hashpw(form.password.data.encode('utf8'), author.password.encode('utf8')) == author.password.encode('utf8'): # noqa: E501looking for comments if that is the correct and secure way to do this :D
