Authentication with bcrypt on Flask without a database

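I have created password verification using bcrypt on Flask, without a database. So the story is that I want to log in using a hashed password. But I can't even log in. What is the problem???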

@auth.verify_password
def authenticate(username, password):
    user = 'alfara'
    passwd = 'alfara'

    if username and password:
        pw_hash = bcrypt.generate_password_hash(passwd).decode('utf-8')
        if username == user and password == pw_hash:
            return bcrypt.check_password_hash(pw_hash, passwd)
        else:
            return False
    return False

The idea of password hashing is that you do not store the clear text password. Your code fails in this. You could just compare passwd and password directly.

  • @Klaus D.

If you want, you can do this:

passwd = bcrypt.generate_password_hash("alfara")

And then this:

if username and password:
    verify = bcrypt.check_password_hash(passwd, password)
    if verify and username == user:
        return "Username and Password Matched"