I'm currently trying to use bcrypt to hash my seed passwords and store them in MySQL, but it keeps giving me the same hashed password. I'm using Python. Any help would be greatly appreciated!
user.py
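import bcrypt
from app.db import Base
from sqlalchemy.orm import validates
from sqlalchemy import Column, Integer, String

# No module-level salt: a salt created once at import time is shared by every
# password hashed in that process, so equal passwords yield equal hashes.


class User(Base):
    """ORM model for the ``users`` table.

    The ``password`` column stores a bcrypt hash, not the plaintext; the
    hashing happens in ``validate_password`` whenever the attribute is set.
    """

    __tablename__ = 'users'
    id = Column(Integer, primary_key=True)
    username = Column(String(50), nullable=False)
    email = Column(String(50), nullable=False, unique=True)
    password = Column(String(200), nullable=False)

    @validates('email')
    def validate_email(self, key, email):
        """Return ``email`` unchanged, or raise AssertionError if it has no '@'."""
        # Raised explicitly rather than via `assert`, which is stripped when
        # Python runs with -O and would silently disable the check.
        if '@' not in email:
            raise AssertionError('email must contain an @ character')
        return email

    @validates('password')
    def validate_password(self, key, password):
        """Check the minimum length and return the bcrypt hash of ``password``.

        Raises:
            AssertionError: if the password is 4 characters or shorter.
        """
        # Same exception type as the original `assert`, but not removed by -O.
        # NOTE(review): a 5-character minimum is weak; confirm the intended policy.
        if not len(password) > 4:
            raise AssertionError('password must be longer than 4 characters')
        # Hash (not encrypt) with a fresh salt per password. The salt is
        # embedded in the returned hash, so bcrypt.checkpw() needs no separate
        # salt column. bcrypt only considers the first 72 bytes of its input.
        return bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())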
seed.py
from app.models import User
from app.db import Session, Base, engine

# Rebuild the schema from scratch. drop_all() removes every mapped table and
# its rows, so this script belongs on a disposable development database only.
Base.metadata.drop_all(engine)
Base.metadata.create_all(engine)

db = Session()

# Seed accounts as (username, email, password). All five share one plaintext,
# so their stored hashes are identical whenever the hashing code reuses a salt.
# The password is a placeholder for local development, not a real credential.
seed_rows = [
    ('alesmonde0', 'nwestnedge0@cbc.ca', 'password123'),
    ('jwilloughway1', 'rmebes1@sogou.com', 'password123'),
    ('iboddam2', 'cstoneman2@last.fm', 'password123'),
    ('dstanmer3', 'ihellier3@goo.ne.jp', 'password123'),
    ('djiri4', 'gmidgley4@weather.com', 'password123'),
]

# Constructing User runs its @validates hooks, so the plaintext is replaced
# by the validator's return value before anything is written.
db.add_all([
    User(username=name, email=address, password=secret)
    for name, address, secret in seed_rows
])

db.commit()
db.close()
You pass the same password and salt every time:
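If you wish to produce different hashes from the same plaintext using `bcrypt`, regenerate the salt each time you generate a hash (as a best practice, you should do this), for example `bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())`. With a fresh salt per password, two users who choose the same password no longer end up with identical stored hashes.

Assumption: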
If all of the above are correct, the problem is with indentation, i.e. the `validate_password` method is not in the User class at all. Indent it correctly and it should trigger and hash the password.