I am creating a Flask API with login auth, but check_password_hash always returns False and I get an error.
In my app.py I'm trying this:

    from flask import render_template, request, session
    from werkzeug.security import generate_password_hash, check_password_hash

    # app, db and Users are defined elsewhere in app.py

    @app.route("/signup", methods=["GET", "POST"])
    def signup():
        if request.method == "POST":
            # Hash the submitted password before storing it
            hashed_pw = generate_password_hash(request.form["password"], method="sha256")
            new_user = Users(username=request.form["username"], password=hashed_pw)
            db.session.add(new_user)
            db.session.commit()
            return "You've registered successfully."
        return render_template("signup.html")

    @app.route("/login", methods=["GET", "POST"])
    def login():
        if request.method == "POST":
            user = Users.query.filter_by(username=request.form["username"]).first()
            # Compare the stored hash with the submitted plaintext password
            if user and check_password_hash(user.password, request.form["password"]):
                session['username'] = user.username
                return "You are logged in"
            else:
                return "Your credentials are invalid, check and try again."
        return render_template("login.html")

When I print user.password and request.form["password"], it returns the hashed value:

    pass -> sha256$SSC4jjZIE3Wm6l7v$74e78b19ddfa3ad62963c93f34d9c6cd93b67e47b4e42e896a726d79
    pass -> 1

CodePudding user response:
First make sure that request.form["password"] is returning the password that the user typed.
I don't know how you are hashing the password. Anyway, a simple way to do it is using Python's passlib. It has no known weaknesses.

    from passlib.hash import sha256_crypt

To save the hash:

    hashed_password = sha256_crypt.hash("ThePassword")

To check the password:

    sha256_crypt.verify("password from the form", hashed_password)
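
An added example, not part of the question or the answer above: the stored value printed in the question is 80 characters long with a 56-character digest field, while a SHA-256 hex digest is 64 characters, which is the shape a hash takes when it is cut to fit a column that is too short, and a cut hash can never verify. The hasher is a standard-library HMAC-SHA256 stand-in rather than Werkzeug's or passlib's code; `COLUMN_LEN`, `make_hash`, `verify`, `is_truncated` and `store` are hypothetical names, and the 80-character column and its silent truncation are assumptions.

```python
import hashlib
import hmac

COLUMN_LEN = 80  # assumption: width of the password column, e.g. String(80)
HEX_LEN = hashlib.sha256().digest_size * 2  # 64 hex characters

# Stored value exactly as printed in the question
PAGE_VALUE = ("sha256$SSC4jjZIE3Wm6l7v$"
              "74e78b19ddfa3ad62963c93f34d9c6cd93b67e47b4e42e896a726d79")


def make_hash(password: str, salt: str) -> str:
    """Stand-in hasher (not Werkzeug's code): 'sha256$<salt>$<hex digest>'."""
    digest = hmac.new(salt.encode(), password.encode(), hashlib.sha256).hexdigest()
    return f"sha256${salt}${digest}"


def verify(stored: str, password: str) -> bool:
    """Recompute the digest with the stored salt; compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 3 or parts[0] != "sha256":
        return False
    expected = make_hash(password, parts[1]).split("$")[2]
    return hmac.compare_digest(expected, parts[2])


def is_truncated(stored: str) -> bool:
    """True when the digest field is not a full SHA-256 hex digest."""
    parts = stored.split("$")
    return len(parts) != 3 or len(parts[2]) != HEX_LEN


def store(hashed: str, column_len: int = COLUMN_LEN) -> str:
    """Mimic a database that silently cuts values to the column width."""
    return hashed[:column_len]


if __name__ == "__main__":
    full = make_hash("1", "constructedsalt1")  # constructed sample input
    saved = store(full)
    print(len(full), len(saved))
    print(verify(full, "1"), verify(saved, "1"))
    print(is_truncated(saved), is_truncated(PAGE_VALUE))
```

Sizing the column for the longest hash the chosen method can emit, or rejecting a hash that does not fit before committing it, avoids the silent mismatch.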