我有一个简单的应用程序来验证用户登录。我写了一个测试密码脚本来确保身份验证有效。然而,它永远不会成功,即使它应该用于我的测试用例。
代码如下:
# Validate Form
if form.validate_on_submit():
email = form.email.data
password = form.password_hash.data
password_hash = generate_password_hash("password", "sha256")
# Clear the form
form.email.data = ''
form.password_hash.data = ''
# Lookup User Password by email
pw_to_check = get_user_pwd(email) # this gets the DB password (hashed)
# Check Hashed Password
passed = check_password_hash(pw_to_check, password)
return render_template("test_pw.html",
email = email,
password = password,
pw_to_check = pw_to_check,
password_hash =password_hash,
passed = passed,
form = form)
def get_user_pwd(email): # this function gets the user password by email
with connection:
with connection.cursor() as cursor:
password_hash = "NONE"
cursor.execute("SELECT password_hash FROM users WHERE email=email;")
password_hash = cursor.fetchone()[0]
return password_hash
HTML
{% if email %}
<h1>Email: {{ email }}</h1>
<h1>Password: {{ password }}</h1>
<br/>
<h2>I found this info:</h2>
<br/>
Email: {{email}}<br/>
PW in DB (hash): {{pw_to_check}}<br/>
PW in form (hash): {{password_hash}}<br/>
<br/>
Passed: {{ passed }}
{% else %}
<h1>What's Your Email and Password?</h1>
<br/>
<form method="POST">
{{ form.hidden_tag() }}
{{ form.email.label(class="form-label") }}
{{ form.email(class="form-control") }}
<br/>
{{ form.password_hash.label(class="form-label") }}
{{ form.password_hash(class="form-control") }}
<br/>
{{ form.submit(class="btn btn-secondary") }}
</form>
“passed = check_password_hash(pw_to_check, password)”语句的结果始终为假。 有什么我想念的吗?这看起来很简单,但我确定我做错了什么。 任何帮助都感激不尽。 [email protected]
几件事:
1 - 我确保存储在数据库中的密码哈希是使用 generate_password_hash("password", "sha256") (password=password12345 )and
2 - 登录表单中使用的密码完全相同(password12345)
3 - 发布了一个类似的问题,问题是发送到 check_password_hash 函数的 password_hash 是一个元组。所以解决方案是指向 tupple[0] 的第一个元素。在我的例子中,我使用 password_hash = cursor.fetchone()[0] 来避免这个问题。