Issue
I trying to create a way to update users password in Flask, but for some reason unkown to me after the update the user cant login again. It says the password is incorrect, I cant see what might be wrong any help would be appreciated
Below my route, I'm using bcrypt to hash the password. I also tried to decode it to utf8 but it doesnt help:
@app.route('/change-password', methods=['GET', 'POST'])
@login_required
def change_password():
if request.method == 'POST':
current_password = request.form.get('current_password')
new_password = request.form.get('new_password')
confirm_password = request.form.get('confirm_password')
if new_password != confirm_password:
flash('As novas senhas não coincidem.')
return redirect(url_for('change_password'))
user_password_hash = get_user_password_hash(current_user.id)
if not bcrypt.check_password_hash(user_password_hash, current_password):
flash('Senha atual incorreta.')
return redirect(url_for('change_password'))
hashed_password = bcrypt.generate_password_hash(new_password)
update_user_password(current_user.id, hashed_password)
flash('Senha atualizada com sucesso.')
return redirect(url_for('index'))
return render_template('home/change_password.html')
def get_user_password_hash(user_id):
user = User.query.get(user_id)
return user.pwd
def update_user_password(user_id, new_password):
user = User.query.get(user_id)
if user:
user.pwd = bcrypt.generate_password_hash(new_password)
db.session.commit()
This is the change_password.html:
<!DOCTYPE html>
<html>
<head>
<title>Troca de Senha</title>
</head>
<body>
<h1>Troca de Senha</h1>
{% for message in get_flashed_messages() %}
<p>{{ message }}</p>
{% endfor %}
<form method="POST" action="{{ url_for('change_password') }}">
<label for="current_password">Senha Atual:</label>
<input type="password" id="current_password" name="current_password" required><br><br>
<label for="new_password">Nova Senha:</label>
<input type="password" id="new_password" name="new_password" required><br><br>
<label for="confirm_password">Confirme a Nova Senha:</label>
<input type="password" id="confirm_password" name="confirm_password" required><br><br>
<input type="submit" value="Trocar Senha">
</form>
</body>
</html>
Solution
You are double-hashing the password.
This function:
def update_user_password(user_id, new_password):
user = User.query.get(user_id)
if user:
user.pwd = bcrypt.generate_password_hash(new_password)
db.session.commit()
Takes new_password as an argument. That should be the plaintext that the user entered. But that's not what you're passing:
hashed_password = bcrypt.generate_password_hash(new_password)
update_user_password(current_user.id, hashed_password)
You already hash it, then pass the hash to the function that hashes it again (or, rather, generates a hash of the previous hash).
Answered By - roganjosh
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.