Passwords in MYSQL are not encrypted

I'm currently trying to use bcrypt to encrypt/hash my seed passwords and store them in MYSQL, but it keeps giving me the same password. I'm using Python. Any help would be greatly appreciated!

user.py

import bcrypt

from app.db import Base
from sqlalchemy.orm import validates
from sqlalchemy import Column, Integer, String

salt = bcrypt.gensalt()


class User(Base):
  __tablename__ = 'users'
  id = Column(Integer, primary_key=True)
  username = Column(String(50), nullable=False)
  email = Column(String(50), nullable=False, unique=True)
  password = Column(String(200), nullable=False)

  @validates('email')
  def validate_email(self, key, email):
    # make sure email address contains @ character
    assert '@' in email

    return email


@validates('password')
def validate_password(self, key, password):
  assert len(password) > 4

  # encrypt password
  return bcrypt.hashpw(password.encode('utf-8'), salt)

seed.py

from app.models import User
from app.db import Session, Base, engine

# drop and rebuild tables
Base.metadata.drop_all(engine)
Base.metadata.create_all(engine)

db = Session()

# insert users
db.add_all([
  User(username='alesmonde0', email='nwestnedge0@cbc.ca', password='password123'),
  User(username='jwilloughway1', email='rmebes1@sogou.com', password='password123'),
  User(username='iboddam2', email='cstoneman2@last.fm', password='password123'),
  User(username='dstanmer3', email='ihellier3@goo.ne.jp', password='password123'),
  User(username='djiri4', email='gmidgley4@weather.com', password='password123')
])

db.commit()

db.close()

P粉593536104, 354 days ago

All replies (2)

  • P粉710478990

    2024-03-20 16:34:19

    You pass the same password and salt every time:

    >>> salt = bcrypt.gensalt()
    >>> bcrypt.hashpw('password123'.encode('utf-8'), salt)
    b'$2b$12$L14/6UZsC4YymGUiQgBxCO5c6YoHEFDSM9ZSvBW0CgO9YkRUGkXwW'
    >>> bcrypt.hashpw('password123'.encode('utf-8'), salt)
    b'$2b$12$L14/6UZsC4YymGUiQgBxCO5c6YoHEFDSM9ZSvBW0CgO9YkRUGkXwW'

    If you wish to produce different hashes with the same plaintext using bcrypt, regenerate the salt each time you generate a hash (as a best practice, you should do this):

    >>> bcrypt.hashpw('password123'.encode('utf-8'), bcrypt.gensalt())
    b'$2b$12$e1.vrDabeTDcqjqJ3Wj1fuapoGBgRaTjYNEn.v1WvuBbQLIsNlS3O'
    >>> bcrypt.hashpw('password123'.encode('utf-8'), bcrypt.gensalt())
    b'$2b$12$jqE4jMUeGfTLYixrR5iB0OAWSM/ZIEPiscX5fPLcxn8rOHqzJOUt6'

  • P粉807239416

    2024-03-20 14:47:25

    Assumptions:

    • You have copied the exact same code as in the original file
    • And "keep giving me the same password" means that what is saved in the database is the open text password, not the hash from the validator

    If all of the above are correct, the problem is with authentication, i.e. the "validate_password" method is not in the User class at all. Try to identify it correctly and it should trigger and hash the password.
