问题描述

在尝试在flask中编写登录功能时，我想尝试对b烧瓶进行扩展.当我使用_bcrypt.check_password_hash()_方法将用户表单输入密码与用户在数据库中保存的密码进行比较时，它总是返回false.

While trying to write a login functionality in flask, I wanted to try 'bcrypt' flask extensio. When I use_bcrypt.check_password_hash()_ method to compare user form input password against that users saved password in the db, it always returns false.

这是我用来生成密码的代码:

Here is the code I use to generate passwords:

    hashPwd = bcrypt.generate_password_hash('form.password.data')

这是我用来对照保存的密码检查候选密码的代码:

Here is the code I use to check the candidate password against the saved one:

if form.validate_on_submit():
    user = User.query.filter_by(username=form.username.data).first()

    if user and bcrypt.check_password_hash(user.password, form.password.data):
        login_user(user, remember=form.rememberMe.data)

如果我在python shell中执行User.query.get(1).password，则密码的格式为:

If I do User.query.get(1).password in python shell, the password is in format:

u'$2b$12$JOXUftWBbn/egABOkAYNwezGKfh6GzIHOofUnvx73AiSOfoNWEGFC'

当我在代码中运行相同的查询时，密码为:

When I run the same query in code, the password is:

$2b$12$JOXUftWBbn/egABOkAYNwezGKfh6GzIHOofUnvx73AiSOfoNWEGFC

第一个pw中的 u'是唯一的区别，这可能是引起问题的原因，但我不知道这是什么.

The u' in the first pw is the only difference and that might be the issue cause, but I dont know what it is.

有什么想法吗?

推荐答案

来自 http://flask-bcrypt.readthedocs.io/en/latest/

pw_hash = bcrypt.generate_password_hash('hunter2')
bcrypt.check_password_hash(pw_hash, 'hunter2') # returns True

在您的情况下，反向功能需要根据密码检查哈希值user.password实际上应该是hashPwd

The reverse function needs to check the hash against the password, in your caseuser.password should actually be hashPwd

if user and bcrypt.check_password_hash(hashPwd, form.password.data):

这篇关于烧瓶bcrypt.check_password_hash()始终返回False，无法发现我的错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！