Comments (13)
Check the database for password field value. i think password value did not hashed in the table. then this error raised when user try to login.
from bcrypt.
Did you check self.password
?
from bcrypt.
Yes, the check_password
method looks like this and checks for unset/empty passwords on the first line:
def check_password(self, password):
if not self.password or not password:
return False
return bcrypt.check_password_hash(self.password, password)
from bcrypt.
What is the value of self.password
when the error occurs?
from bcrypt.
I'm not sure of the exact value of self.password
at the time of the error, but it must have been a Python2 unicode
type because it was retrieved via Postgres from a VARCHAR(160) column. It could not have been None
or blank as seen in the check_password
method above. It would have been a hashed password value for a user (the past output from bcrypt.generate_password_hash(password)
).
from bcrypt.
Sorry, mixed libraries...
from bcrypt.
InvalidSalt is what is raised if you supply a password that does not match the given bcrypt hash. Since this is a few months old I'm going to close it but if you're still having an issue feel free to reopen.
from bcrypt.
@reaperhulk why does the exception say invalid salt instead of invalid password? The docs say when supplying a password not matching the given bcrypt hash that bcrypt.check_password_hash
should return None
not raise an exception.
from bcrypt.
@alanhamlett Are you sure you're looking at the docs for this project? check_password_hash
is not a function we provide. checkpw
is a function py-bcrypt
supplies, but right now bcrypt
does not (although there's no reason why it couldn't since checkpw is just calling the same thing hashpw does but returning a different message).
from bcrypt.
Oh sorry that method was from Flask-Bcrypt which wraps this library. Maybe it's a bug in Flask-Bcrypt then.
from bcrypt.
I filed supporting checkpw
as #74 so it may be in an upcoming release as well. It is definitely confusing that hashpw
can both generate a new password hash and also verify a password against a pre-generated hash (and the failure case will raise InvalidSalt)
from bcrypt.
InvalidSalt is what is raised if you supply a password that does not match the given bcrypt hash. Since this is a few months old I'm going to close it but if you're still having an issue feel free to reopen.
This doesnβt seem to be the case:
>>> h = bcrypt.hashpw(b'password', bcrypt.gensalt(10))
>>> h
'$2b$10$asbns6WWho6TkeROkj6i6ekOCrI6oD0EZBb32n7NrmDFzhDl9E8fy'
>>> bcrypt.hashpw(b'test', h)
'$2b$10$asbns6WWho6TkeROkj6i6eCCbN64Jo282VVeqvo75SxJMtvl6arWi'
Tested with both bcrypt 2.0.0 and 3.0.0.
from bcrypt.
@charmander is entirely correct and my reading was nonsense.
hashpw
takes either a salt OR a "hash" (which is the salt concatenated with the derived password hash). When you call hashpw
with the hash it grabs the salt and creates a new hash with the given password and it's up to the caller to compare to see if the two hashes are equal. As of this moment (3.0.0 and below) you must do this comparison yourself, but #76 will do it on your behalf.
from bcrypt.
Related Issues (20)
- Document packages bundled inside wheels HOT 2
- python 3.7.3 HOT 4
- "Illegal instruction" on Raspberry Pi Zero HOT 10
- new release needed for python 3.12 compatibility at build time HOT 9
- New release results in bcrypt break HOT 22
- I use `bcrypt` with `passlib` HOT 2
- Install [email protected]. 400 bad request HOT 1
- AttributeError: module 'bcrypt' has no attribute '__about__' with new 4.1.1 version HOT 16
- install 4.1.1 on M2 chip failed HOT 1
- Why is the macOS 11/12 wheel dropped? HOT 3
- The bcrypt.hashpw(val1, val2) function always produces the same output even if the values are different. HOT 4
- [4.1.1] ImportError: PyO3 modules compiled for CPython 3.8 or older may only be initialized once per interpreter process HOT 14
- new version on mipsel 32 bit Atomic error HOT 4
- Is BSD license applicable?
- RFE: is it possible to start making github releases?π€ HOT 2
- TypeError in checkpw HOT 1
- AttributeError: module 'bcrypt' has no attribute '__about__' with new 4.1.3 version HOT 4
- Error !! HOT 1
- cannot import name '__author__' from 'bcrypt._bcrypt' HOT 3
- 4.1.3 generates errors; downgrading to 4.1.2 is fine HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bcrypt.