Flask - 简单登录页面 - 无效的哈希密码

我正在尝试使用 Flask-Scrypt 创建一个基本的 Flask 登录页面，以将密码安全地存储在数据库中。

根据打印的调试： 正在尝试密码验证... 检查用户密码：admin 尝试的哈希密码：b'89ABrlAbxdOeLlup4L96Cv5sqsFL7xYmPNrS/fZ58Po40J4+zK8BqYZTt9Gqkm+/+fRKs/etPSTyJHfeRlFLg==' 存储的哈希密码：89ABrlAbxdOeLlup4L96Cv5sqsFL7xYmPNrS/fZ58Po40J4+zK8BqYZTt9Gqkm+/+fRKs/etPSTyJHfeRlFLg== 无效的密码 渲染login.html...

这是 models.py：

# app/models.py

from . import db
from flask_scrypt import generate_random_salt, generate_password_hash, check_password_hash
import os
import base64

class User(db.Model):
    __tablename__ = 'users'
    userID = db.Column('userID', db.Integer, primary_key=True)
    username = db.Column('username', db.String(50), unique=True, nullable=False)
    password_hash = db.Column('password_hash', db.String(200), nullable=False)
    salt = db.Column('salt', db.String(200), nullable=False)

    def __init__(self, username, password):
        self.username = username
        self.set_password(password)

    def set_password(self, password):
        self.salt = generate_random_salt()
        print("Salt before hashing:", self.salt)  # Debugging
        password_bytes = password.encode('utf-8')
        self.password_hash = generate_password_hash(password_bytes + self.salt, salt=self.salt)

    def check_password(self, password):
        print("Checking password for user:", self.username)
        password_bytes = password.encode('utf-8')
        salt_bytes = self.salt.encode('utf-8')
        hashed_password_attempt = generate_password_hash(password_bytes + salt_bytes, salt=salt_bytes)
        print("Hashed password from attempt:", hashed_password_attempt)  # Debugging
        print("Stored hashed password:", self.password_hash)  # Debugging
        return check_password_hash(self.password_hash, password_bytes, salt=salt_bytes)

这是routes.py

from flask import Blueprint, render_template, redirect, url_for, flash
from flask_login import login_user
from .forms import LoginForm
from .models import User
from . import db

auth = Blueprint("auth", __name__)
main = Blueprint("main", __name__)
admin = Blueprint("admin", __name__)

@auth.route("/login", methods=['GET', 'POST'])
def login():
    form = LoginForm()
    if form.validate_on_submit():
        # Retrieve user record from the database based on the provided username
        user = User.query.filter_by(username=form.username.data).first()
        print("User:", user)  # Debugging: Print user to check if retrieved
        if user:
            # Verify the password
            print("Attempting password verification...")  # Debugging: Check password verification attempt
            if user.check_password(form.password.data):
                # Password matches, authentication successful
                print("Password verified. Logging in...")  # Debugging: Indicate successful password verification
                login_user(user)
                return redirect(url_for('admin.admin_panel'))
            else:
                # Password doesn't match, render login page with error message
                print("Invalid password")  # Debugging: Indicate invalid password
                flash('Invalid username or password', 'error')
        else:
            # User not found, render login page with error message
            print("User not found")  # Debugging: Indicate user not found
            flash('Invalid username or password', 'error')

    # If GET request or form validation failed, render the login page
    print("Rendering login.html...")  # Debugging: Indicate rendering of login.html
    return render_template('login.html', form=form)

@main.route("/")
def index():
    return render_template("index.html")

@admin.route("/admin")
def admin_panel():
    return render_template("admin.html")

它正在 mysql 数据库中查找详细信息，并根据调试找到正确的密码哈希，但将其记录为无效。

我尝试了 check_password 函数的多种变体