Issue
i have a stored hash password with bcrypt library so it always stores a different hash string in my db. How can i compare a string value with the store password if they are not the same?
@login.route('/log',methods=['POST'])
def login():
error = None
# get data from JSON
body = request.get_json()
# if data contains something
if body != error:
# Verification of POST method
if request.method == 'POST':
# bucle for empty values findings
validation = all(x != "" for x in body.values())
if validation:
username_mod = body['username']
password_mod = body['password_hash']
forced = b"valentina"
hashed = hashpw(password_mod.encode('utf-8'), gensalt())
userMatch = User.query.filter_by(username=username_mod).first()
store_password = userMatch.password_hash
if checkpw(forced, hashed):
print("it matches")
else:
print("they dont")
if userMatch:
if checkpw(hashed, store_password):
pswd_match = True
else:
pswd_match = False
if userMatch and pswd_match:
return msg_handler("user allowed", 200)
else:
return msg_handler("user denied", 400)
else:
return msg_handler("missing value in 1 or more parameters", 400)
else:
return msg_handler("Must be POST method", 400)
else:
return msg_handler("no data", 400)
Solution
i solve my problem using werkzeug.security now my code is like this:
from werkzeug.security import generate_password_hash, check_password_hash
username_mod = body['username']
password_mod = body['password_hash']
userMatch = User.query.filter_by(username=username_mod).first()
store_password = userMatch.password_hash
if userMatch:
if check_password_hash(store_password, password_mod ):
pswd_match = True
else:
pswd_match = False
if userMatch and pswd_match:
return msg_handler("user allowed", 200)
else:
return msg_handler("user denied", 400)
Answered By - Carlos Espinoza Garcia
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.