Hashing Passwords
Notes
In this video lesson we discuss how to hash passwords in our Flask application.
First a shell demo:
>>> import hashlib
>>> pwd = 'LaunchCode'
>>> hashlib.sha256(str.encode(pwd)).hexdigest()
In the code example above we import the hashlib module and create a sample password string. Then we call the hashlib.sha256() function on the password after first converting it into bytes using str.encode(), since hash functions operate on bytes rather than text. Finally, .hexdigest() gives us the hash as a hex string, which is what we store in the database rather than the hash object itself.
One caveat before going further: a plain SHA-256 of the password is enough to show the idea, but it is not what you should ship. It is unsalted, so two users who pick the same password end up with the same stored hash, and it is fast, so an attacker who steals the table can test billions of guesses per second against every row at once. Production code should use a slow, salted password hashing function such as bcrypt, scrypt, Argon2 or PBKDF2 (Werkzeug's generate_password_hash and check_password_hash wrap one for you).
You can create two functions and store them in a reusable file named hashutils.py for your application's password hashing needs:
import hashlib
import hmac


def make_pw_hash(password):
    # hash the UTF-8 bytes of the password and return the hex string we store
    return hashlib.sha256(str.encode(password)).hexdigest()


def check_pw_hash(password, pw_hash):
    # compare_digest runs in constant time, so the comparison does not leak
    # how many leading characters of the hash matched; a plain == would
    return hmac.compare_digest(make_pw_hash(password), pw_hash)
Next, after importing the above functions into main.py, you'll want to modify your User class so that you are storing password hashes instead of the password itself:
from hashutils import make_pw_hash, check_pw_hash

# db is the SQLAlchemy instance already created in main.py
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    email = db.Column(db.String(120), unique=True)
    # only the hash is stored; the password itself never reaches the database
    pw_hash = db.Column(db.String(120))
    tasks = db.relationship('Task', backref='owner')

    def __init__(self, email, password):
        self.email = email
        self.pw_hash = make_pw_hash(password)
Because you've changed a model class (and therefore its table), you'll need to update the database before this will work: drop and re-create the tables in a Python session (with Flask-SQLAlchemy, db.drop_all() followed by db.create_all()). Note that this discards the existing rows, including any plaintext passwords that were stored before the change.
Then modify the login function so that it checks the submitted password against the stored hash rather than comparing two password strings:
if user and check_pw_hash(password, user.pw_hash):
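The lesson's hashutils.py works, but as noted above an unsalted, single-round SHA-256 is a weak password store. The following is an added example, not the lesson's or LaunchCode's code: a drop-in replacement for hashutils.py that keeps the make_pw_hash / check_pw_hash names used by the User model and the login check above, but salts and stretches the password with PBKDF2-HMAC-SHA256 from the standard library and compares in constant time. The "pbkdf2$iterations$salt$hash" record layout, the 600,000 iteration count and the crack_unsalted() helper (which shows why the salt matters) are this example's own choices, and the wordlist and stored hashes it uses are constructed for the demo.

```python
# Added example: a salted, stretched replacement for the lesson's hashutils.py.
# Record format (an assumption of this example): pbkdf2$<iterations>$<salt hex>$<hash hex>
import hashlib
import hmac
import secrets

ITERATIONS = 600_000   # work factor; raise it over time as hardware gets faster
SALT_BYTES = 16        # 128-bit random salt, unique per stored password


def make_pw_hash(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record that stores everything needed to verify later."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)   # fresh salt for every call
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2${}${}${}".format(iterations, salt.hex(), digest.hex())


def check_pw_hash(password, record):
    """Recompute with the stored salt and iteration count, compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        iterations = int(iterations)
    except ValueError:
        return False           # malformed record: fail closed, never raise on the login path
    if scheme != "pbkdf2":
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)


def unsalted_sha256(password):
    """The lesson's original scheme, kept only to demonstrate what the salt fixes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def crack_unsalted(stored_hashes, wordlist):
    """Why unsalted hashes are weak: one SHA-256 per guess is enough to test every
    row of a leaked table at once. Returns {stored_hash: recovered_password}."""
    table = {unsalted_sha256(guess): guess for guess in wordlist}
    return {h: table[h] for h in stored_hashes if h in table}


if __name__ == "__main__":
    record = make_pw_hash("LaunchCode")
    print(record)
    print(check_pw_hash("LaunchCode", record), check_pw_hash("launchcode", record))
    # constructed "leaked table" of unsalted hashes and a tiny wordlist
    leaked = [unsalted_sha256("LaunchCode"), unsalted_sha256("hunter2")]
    print(crack_unsalted(leaked, ["password", "LaunchCode", "hunter2"]))
```

Because make_pw_hash() embeds the salt and iteration count in the record, the User model and login check above need no changes beyond a wider pw_hash column (the record is longer than 64 characters). The same trick is what lets you raise ITERATIONS later: old records keep verifying with their stored count, and you can re-hash on the next successful login.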
Code
View the final code from this lesson.