使用 python/bcrypt 将密码保存为用户集合中 mongodb 中的加盐哈希
save password as salted hash in mongodb in users collection using python/bcrypt
我想生成加盐密码哈希并将其存储在名为用户的 MongoDB 集合中,如下所示:
users_doc = {
"username": "James",
"password": "<salted_hash_password>"
}
我不确定如何使用 Bcrypt 生成散列密码,然后当我登录我的 flask 应用程序时,能够检查散列是否与存储在 MongoDB 中的散列密码匹配。
使用 bcrypt 生成盐并将其保存在您的设置文件中(注意:bcrypt.hashpw 返回的哈希值本身已经包含该密码所用的盐,因此验证密码时只需要存储的哈希值,并不需要单独保存的盐):
import bcrypt
# gensalt() returns a new random salt each time it is called. hashpw() embeds the
# salt it was given in its output, so verifying a password later needs only the
# stored hash, not a salt kept in a settings file.
salt = bcrypt.gensalt()
加密密码:
# Sample plaintext for the demonstration. Python 3 builds of bcrypt expect bytes
# here (e.g. b"userpassword"); passing a str as shown works on Python 2 only.
password = "userpassword"
# A fresh salt is generated for this one password and ends up inside `hashed`,
# which is the only value that has to be stored for the user.
hashed = bcrypt.hashpw(password, bcrypt.gensalt())
查看生成的哈希值(盐已包含在其中):
# Printing the value shows one string that carries the salt and the digest together.
# NOTE(review): the sample below has the 22-character salt and 31-character digest but
# appears to have lost its leading "$2<variant>$<cost>$" prefix when the page was extracted.
>>> print hashed
a$C.zbaAxJPVVPKuS.ZvNQiOTVSdOf18kMP4qDKDnM3AGrNyGO5/tTy
检查给定密码是否与您生成的密码匹配(只需使用盐创建密码的哈希值并将其与数据库中的密码进行比较):
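given_password = "password"
# Verify against the stored hash itself: checkpw() re-hashes the candidate with the
# salt and cost embedded in `hashed` and compares the results in constant time.
# Hashing with a separately saved salt and comparing with == would not match a hash
# that was made with its own gensalt() call, even for the correct password.
bcrypt.checkpw(given_password, hashed)  # False in this case, because the passwords are not the same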
我不知道你是如何使用 mongodb 来获取数据的,但如果你想对密码进行哈希处理,就很简单:
from flask import Flask
# NOTE(review): the flask.ext.* namespace was removed in Flask 1.0; on current
# releases the same class is imported with `from flask_bcrypt import Bcrypt`.
from flask.ext.bcrypt import Bcrypt
app = Flask(__name__)
# From here on `bcrypt` is the Flask-Bcrypt extension object, not the bcrypt module.
bcrypt = Bcrypt(app)
# Your code here...
# generate_password_hash() salts each password itself and returns the salt and digest
# as one value, so the document stores a single "password" field and no separate salt.
users_doc = {
"username": "james",
"password": bcrypt.generate_password_hash(password)
}
然后如果要验证密码,可以使用 check_password_hash() 函数:
# Arguments are the stored hash first, then the submitted plaintext; the call returns
# True only when they match. Presumably, in a real login, the stored hash is the one
# loaded from the users collection for the submitted username.
bcrypt.check_password_hash(users_doc["password"], request.form["password"]) # Just an example of how you could use it.
您可以使用以下代码对密码进行哈希处理。
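/**
 * POST /register: validate the submitted form, hash the password with bcrypt and
 * store the new student.
 *
 * Validation failures re-render the 'Sregister' view with the error list. Failures
 * while salting, hashing or saving are passed to next() so the request always gets
 * a response and nothing is written unless the password was hashed.
 *
 * @param {object} req - Express request; the form fields are read from req.body.
 * @param {object} res - Express response.
 * @param {function} next - Express error hand-off.
 */
app.post("/register", function (req, res, next) {
  req.checkBody('username', 'UserName is Required').notEmpty();
  req.checkBody('rollnumber', 'Roll Number is Required').notEmpty();
  req.checkBody('email', 'Email Required').notEmpty();
  req.checkBody('email', 'Email Invalid').isEmail();
  req.checkBody('password', 'Password is Required').notEmpty();
  req.checkBody('password1', 'Passwords do not match').equals(req.body.password);

  var errors = req.validationErrors();
  if (errors) {
    return res.render('Sregister', {errors: errors});
  }

  // Cost factor 10, as in the original listing.
  bcrypt.genSalt(10, function (saltErr, salt) {
    if (saltErr) {
      return next(saltErr);
    }
    bcrypt.hash(req.body.password, salt, function (hashErr, hash) {
      // Stop here when hashing fails: continuing to save() would write the
      // plaintext password to the database.
      if (hashErr) {
        return next(hashErr);
      }

      // The model is built only once the hash exists, so it never holds the plaintext.
      var newUser = new Student({
        username: req.body.username,
        gender: req.body.gender,
        rollnumber: req.body.rollnumber,
        dob: req.body.dob,
        email: req.body.email,
        type: req.body.type,
        password: hash
      });

      newUser.save(function (saveErr) {
        // Report a failed save instead of leaving the request without a response.
        if (saveErr) {
          return next(saveErr);
        }
        console.log("success in reg");
        res.redirect("/student/login");
      });
    });
  });
});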
并在登录时使用下面的代码比较密码
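/**
 * Passport 'student' strategy: look the student up by username and check the
 * submitted password against the stored bcrypt hash.
 *
 * done(err) reports a lookup or comparison failure, done(null, false) rejects the
 * login, and done(null, student) accepts it.
 */
passport.use('student', new LocalStrategy(function (username, password, done) {
  // Accept only string credentials, so an object in the request body cannot be
  // interpreted as a MongoDB query operator by findOne().
  if (typeof username !== 'string' || typeof password !== 'string') {
    return done(null, false);
  }

  Student.findOne({username: username}, function (findErr, student) {
    // Errors go through done(): a throw inside this callback is not caught by
    // Passport and can terminate the process.
    if (findErr) {
      return done(findErr);
    }
    if (!student) {
      return done(null, false);
    }
    // compare() re-hashes the candidate with the salt stored inside student.password.
    bcrypt.compare(password, student.password, function (compareErr, isMatch) {
      if (compareErr) {
        return done(compareErr);
      }
      return done(null, isMatch ? student : false);
    });
  });
}));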
我想生成加盐密码哈希并将其存储在名为用户的 MongoDB 集合中,如下所示:
users_doc = {
"username": "James",
"password": "<salted_hash_password>"
}
我不确定如何使用 Bcrypt 生成散列密码,然后当我登录我的 flask 应用程序时,能够检查散列是否与存储在 MongoDB 中的散列密码匹配。
使用 bcrypt 生成盐并将其保存在您的设置文件中(注意:bcrypt.hashpw 返回的哈希值本身已经包含该密码所用的盐,因此验证密码时只需要存储的哈希值,并不需要单独保存的盐):
import bcrypt
# gensalt() returns a new random salt each time it is called. hashpw() embeds the
# salt it was given in its output, so verifying a password later needs only the
# stored hash, not a salt kept in a settings file.
salt = bcrypt.gensalt()
加密密码:
# Sample plaintext for the demonstration. Python 3 builds of bcrypt expect bytes
# here (e.g. b"userpassword"); passing a str as shown works on Python 2 only.
password = "userpassword"
# A fresh salt is generated for this one password and ends up inside `hashed`,
# which is the only value that has to be stored for the user.
hashed = bcrypt.hashpw(password, bcrypt.gensalt())
查看生成的哈希值(盐已包含在其中):
# Printing the value shows one string that carries the salt and the digest together.
# NOTE(review): the sample below has the 22-character salt and 31-character digest but
# appears to have lost its leading "$2<variant>$<cost>$" prefix when the page was extracted.
>>> print hashed
a$C.zbaAxJPVVPKuS.ZvNQiOTVSdOf18kMP4qDKDnM3AGrNyGO5/tTy
检查给定密码是否与您生成的密码匹配(只需使用盐创建密码的哈希值并将其与数据库中的密码进行比较):
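given_password = "password"
# Verify against the stored hash itself: checkpw() re-hashes the candidate with the
# salt and cost embedded in `hashed` and compares the results in constant time.
# Hashing with a separately saved salt and comparing with == would not match a hash
# that was made with its own gensalt() call, even for the correct password.
bcrypt.checkpw(given_password, hashed)  # False in this case, because the passwords are not the same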
我不知道你是如何使用 mongodb 来获取数据的,但如果你想对密码进行哈希处理,就很简单:
from flask import Flask
# NOTE(review): the flask.ext.* namespace was removed in Flask 1.0; on current
# releases the same class is imported with `from flask_bcrypt import Bcrypt`.
from flask.ext.bcrypt import Bcrypt
app = Flask(__name__)
# From here on `bcrypt` is the Flask-Bcrypt extension object, not the bcrypt module.
bcrypt = Bcrypt(app)
# Your code here...
# generate_password_hash() salts each password itself and returns the salt and digest
# as one value, so the document stores a single "password" field and no separate salt.
users_doc = {
"username": "james",
"password": bcrypt.generate_password_hash(password)
}
然后如果要验证密码,可以使用 check_password_hash() 函数:
# Arguments are the stored hash first, then the submitted plaintext; the call returns
# True only when they match. Presumably, in a real login, the stored hash is the one
# loaded from the users collection for the submitted username.
bcrypt.check_password_hash(users_doc["password"], request.form["password"]) # Just an example of how you could use it.
您可以使用以下代码对密码进行哈希处理。
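/**
 * POST /register: validate the submitted form, hash the password with bcrypt and
 * store the new student.
 *
 * Validation failures re-render the 'Sregister' view with the error list. Failures
 * while salting, hashing or saving are passed to next() so the request always gets
 * a response and nothing is written unless the password was hashed.
 *
 * @param {object} req - Express request; the form fields are read from req.body.
 * @param {object} res - Express response.
 * @param {function} next - Express error hand-off.
 */
app.post("/register", function (req, res, next) {
  req.checkBody('username', 'UserName is Required').notEmpty();
  req.checkBody('rollnumber', 'Roll Number is Required').notEmpty();
  req.checkBody('email', 'Email Required').notEmpty();
  req.checkBody('email', 'Email Invalid').isEmail();
  req.checkBody('password', 'Password is Required').notEmpty();
  req.checkBody('password1', 'Passwords do not match').equals(req.body.password);

  var errors = req.validationErrors();
  if (errors) {
    return res.render('Sregister', {errors: errors});
  }

  // Cost factor 10, as in the original listing.
  bcrypt.genSalt(10, function (saltErr, salt) {
    if (saltErr) {
      return next(saltErr);
    }
    bcrypt.hash(req.body.password, salt, function (hashErr, hash) {
      // Stop here when hashing fails: continuing to save() would write the
      // plaintext password to the database.
      if (hashErr) {
        return next(hashErr);
      }

      // The model is built only once the hash exists, so it never holds the plaintext.
      var newUser = new Student({
        username: req.body.username,
        gender: req.body.gender,
        rollnumber: req.body.rollnumber,
        dob: req.body.dob,
        email: req.body.email,
        type: req.body.type,
        password: hash
      });

      newUser.save(function (saveErr) {
        // Report a failed save instead of leaving the request without a response.
        if (saveErr) {
          return next(saveErr);
        }
        console.log("success in reg");
        res.redirect("/student/login");
      });
    });
  });
});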
并在登录时使用下面的代码比较密码
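/**
 * Passport 'student' strategy: look the student up by username and check the
 * submitted password against the stored bcrypt hash.
 *
 * done(err) reports a lookup or comparison failure, done(null, false) rejects the
 * login, and done(null, student) accepts it.
 */
passport.use('student', new LocalStrategy(function (username, password, done) {
  // Accept only string credentials, so an object in the request body cannot be
  // interpreted as a MongoDB query operator by findOne().
  if (typeof username !== 'string' || typeof password !== 'string') {
    return done(null, false);
  }

  Student.findOne({username: username}, function (findErr, student) {
    // Errors go through done(): a throw inside this callback is not caught by
    // Passport and can terminate the process.
    if (findErr) {
      return done(findErr);
    }
    if (!student) {
      return done(null, false);
    }
    // compare() re-hashes the candidate with the salt stored inside student.password.
    bcrypt.compare(password, student.password, function (compareErr, isMatch) {
      if (compareErr) {
        return done(compareErr);
      }
      return done(null, isMatch ? student : false);
    });
  });
}));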