flask-security 需要 des_crypt 哈希,得到的是 des_crypt 配置字符串
flask-security expected des_crypt hash, got des_crypt config string instead
我正在使用 Flask-Security 来实现身份验证系统。
这是我使用的来自文档的代码,我只添加了 SECURITY_PASSWORD_HASH 和 SECURITY_PASSWORD_SALT 配置:
from flask import Flask, render_template
from flask_sqlalchemy import SQLAlchemy
from flask_security import Security, SQLAlchemyUserDatastore, \
UserMixin, RoleMixin, login_required
# Create app
app = Flask(__name__)
app.config['DEBUG'] = True
app.config['SECRET_KEY'] = 'super-secret'
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite://'
app.config['SECURITY_PASSWORD_HASH'] = 'bcrypt'
app.config['SECURITY_PASSWORD_SALT'] = 'mypasswordsaltis12characterslong'
# Create database connection object
db = SQLAlchemy(app)
# Define models
roles_users = db.Table('roles_users',
db.Column('user_id', db.Integer(), db.ForeignKey('user.id')),
db.Column('role_id', db.Integer(), db.ForeignKey('role.id')))
class Role(db.Model, RoleMixin):
id = db.Column(db.Integer(), primary_key=True)
name = db.Column(db.String(80), unique=True)
description = db.Column(db.String(255))
class User(db.Model, UserMixin):
id = db.Column(db.Integer, primary_key=True)
email = db.Column(db.String(255), unique=True)
password = db.Column(db.String(255))
active = db.Column(db.Boolean())
confirmed_at = db.Column(db.DateTime())
roles = db.relationship('Role', secondary=roles_users,
backref=db.backref('users', lazy='dynamic'))
# Setup Flask-Security
user_datastore = SQLAlchemyUserDatastore(db, User, Role)
security = Security(app, user_datastore)
# Create a user to test with
@app.before_first_request
def create_user():
db.create_all()
user_datastore.create_user(email='matt@nobien.net', password='password')
db.session.commit()
# Views
@app.route('/')
@login_required
def home():
return render_template('index.html')
if __name__ == '__main__':
app.run()
我真的不明白为什么我的密码以明文形式存储在数据库中。
此外,当我尝试显示受密码保护的视图并输入凭据时,我收到此错误消息
ValueError: expected des_crypt hash, got des_crypt config string instead
此时我真的感到卡住了,看起来我的密码是以纯文本形式存储的,我绝对不想这样做。
感谢您的帮助
所以我不得不添加
from flask_security.utils import encrypt_password, verify_password
并且在密码存储级别我不得不调用 encrypt_password 函数
user_datastore.create_user(email='email@email.com', password=encrypt_password("my_password"))
我正在使用 Flask-Security 来实现身份验证系统。
这是我使用的来自文档的代码,我只添加了 SECURITY_PASSWORD_HASH 和 SECURITY_PASSWORD_SALT 配置:
from flask import Flask, render_template
from flask_sqlalchemy import SQLAlchemy
from flask_security import Security, SQLAlchemyUserDatastore, \
UserMixin, RoleMixin, login_required
# Create app
app = Flask(__name__)
app.config['DEBUG'] = True
app.config['SECRET_KEY'] = 'super-secret'
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite://'
app.config['SECURITY_PASSWORD_HASH'] = 'bcrypt'
app.config['SECURITY_PASSWORD_SALT'] = 'mypasswordsaltis12characterslong'
# Create database connection object
db = SQLAlchemy(app)
# Define models
roles_users = db.Table('roles_users',
db.Column('user_id', db.Integer(), db.ForeignKey('user.id')),
db.Column('role_id', db.Integer(), db.ForeignKey('role.id')))
class Role(db.Model, RoleMixin):
id = db.Column(db.Integer(), primary_key=True)
name = db.Column(db.String(80), unique=True)
description = db.Column(db.String(255))
class User(db.Model, UserMixin):
id = db.Column(db.Integer, primary_key=True)
email = db.Column(db.String(255), unique=True)
password = db.Column(db.String(255))
active = db.Column(db.Boolean())
confirmed_at = db.Column(db.DateTime())
roles = db.relationship('Role', secondary=roles_users,
backref=db.backref('users', lazy='dynamic'))
# Setup Flask-Security
user_datastore = SQLAlchemyUserDatastore(db, User, Role)
security = Security(app, user_datastore)
# Create a user to test with
@app.before_first_request
def create_user():
db.create_all()
user_datastore.create_user(email='matt@nobien.net', password='password')
db.session.commit()
# Views
@app.route('/')
@login_required
def home():
return render_template('index.html')
if __name__ == '__main__':
app.run()
我真的不明白为什么我的密码以明文形式存储在数据库中。 此外,当我尝试显示受密码保护的视图并输入凭据时,我收到此错误消息
ValueError: expected des_crypt hash, got des_crypt config string instead
此时我真的感到卡住了,看起来我的密码是以纯文本形式存储的,我绝对不想这样做。
感谢您的帮助
所以我不得不添加
from flask_security.utils import encrypt_password, verify_password
并且在密码存储级别我不得不调用 encrypt_password 函数
user_datastore.create_user(email='email@email.com', password=encrypt_password("my_password"))