0

我有一个Users表,其中password定义了一个列:

password | text | not null

并且这样定义的 SQLAlchemy 模型:

password = db.Column(PasswordType(schemes=['bcrypt'], max_length=128), nullable=False)

我可以使用此模型成功插入一行:

user = Users(first_name='James', last_name='Bond', password='aaa')
db.session.add(user)
db.session.commit()

But when selecting the row back I can't compare the password:

user = db.session.query(Users).join(ContactDetails).\
            filter(ContactDetails.email == 'james.bond@gmail.com').first()
assert user.password == 'aaa'

这会导致以下错误:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../../../../.virtualenvs/amazon_sales/lib/python2.7/site-packages/sqlalchemy_utils/types/password.py:60: in __eq__
    valid, new = self.context.verify_and_update(value, self.hash)
../../../../.virtualenvs/amazon_sales/lib/python2.7/site-packages/passlib/context.py:2417: in verify_and_update
    record = self._get_or_identify_record(hash, scheme, category)
../../../../.virtualenvs/amazon_sales/lib/python2.7/site-packages/passlib/context.py:2026: in _get_or_identify_record
    return self._identify_record(hash, category)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <passlib.context._CryptConfig object at 0x10f5e7090>, hash = '\\x2432622431322457475a794c4e4a5973704e4f7750444b322e3766302e336c58365778506e7050767a2e6f394d317748716650717174796a6e4d3475'
category = None, required = True

    def identify_record(self, hash, category, required=True):
        """internal helper to identify appropriate custom handler for hash"""
        # NOTE: this is part of the critical path shared by
        #       all of CryptContext's PasswordHash methods,
        #       hence all the caching and error checking.
        # FIXME: if multiple hashes could match (e.g. lmhash vs nthash)
        #        this will only return first match. might want to do something
        #        about this in future, but for now only hashes with
        #        unique identifiers will work properly in a CryptContext.
        # XXX: if all handlers have a unique prefix (e.g. all are MCF / LDAP),
        #      could use dict-lookup to speed up this search.
        if not isinstance(hash, unicode_or_bytes_types):
            raise ExpectedStringError(hash, "hash")
        # type check of category - handled by _get_record_list()
        for record in self._get_record_list(category):
            if record.identify(hash):
                return record
        if not required:
            return None
        elif not self.schemes:
            raise KeyError("no crypt algorithms supported")
        else:
>           raise ValueError("hash could not be identified")
E           ValueError: hash could not be identified

../../../../.virtualenvs/amazon_sales/lib/python2.7/site-packages/passlib/context.py:1131: ValueError
4

1 回答 1

0

使用 bcrypt 的目的是不在数据库中存储明文密码。而是存储密码的 ~hash(如果您不清楚,您应该阅读文档PasswordTypeOWASP 身份验证备忘单并确保您理解它。)

您正在做的是通过 SQLAlchemy 魔术存储 bcrypt 密码,并将其与明文密码进行比较:

assert user.password == 'aaa'

而您应该对密码进行加密并将结果与​​数据库中存储的内容进行比较。看看bcrypt.hashpw

于 2017-10-20T12:04:46.427 回答