Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

I am trying to create a website using flask, bcrypt and pymongo that allows you to register an account and login. Currently register is working but login is not. When I click login I get this error . My code:

from flask import Flask, render_template, url_for, request, session, redirect
from flask_pymongo import PyMongo
import bcrypt
app = Flask(__name__)
app.config['MONGO_DBNAME'] = 'websitetest'
app.config['MONGO_URI'] = 'mongodb://localhost:27017'
mongo = PyMongo(app)
@app.route('/')
def index():
    if 'username' in session:
        return('You are logged in as ' + session['username'])
    return render_template('index.html')
@app.route('/login', methods=['POST'])
def login():
    users = mongo.db.users
    login_user = users.find_one({'name': request.form['username']})
    if login_user:
        if bcrypt.hashpw(bytes(request.form['pass'], 'utf-8'), bytes(request.form['pass'], 'utf-8')) == bytes(request.form['pass'], 'utf-8'):
            session['username'] = request.form['username']
            return redirect(url_for('index'))
    return 'Invalid username/password combination.'
@app.route('/register', methods=['POST', 'GET'])
def register():
    if request.method == 'POST':
        users = mongo.db.users
        existing_user = users.find_one({'name': request.form['username']})
        if existing_user is None:
            hashpass = bcrypt.hashpw(request.form['pass'].encode('utf-8'), bcrypt.gensalt())
            users.insert({'name': request.form['username'], 'password': hashpass})
            session['username'] = request.form['username']
            return redirect(url_for('index'))
        return('That username already exists!')
    return render_template('register.html')
if __name__ == '__main__':
    app.secret_key = 'mysecret'
    app.run(debug=True)
Any help would be greatly appreciated. Thanks!
                Any reason your salt (the second parameter in brcypt.hashpw()) is a bytes encoded password (under if login_user) instead of bcrypt.gensalt(), taken from the bcrypt documentation?  Also, you should use brcypt.checkpw(password, hashed) from the same link.
– jarcobi889
                Jul 31, 2017 at 22:29
This line is not following the API description of bcrypt:
if bcrypt.hashpw(bytes(request.form['pass'], 'utf-8'), bytes(request.form['pass'], 'utf-8')) == bytes(request.form['pass'], 'utf-8'):
The docs say to compare like so:
if bcrypt.hashpw(password, hashed) == hashed:
hashed in your environment is represented by this line in your code:
hashpass = bcrypt.hashpw(request.form['pass'].encode('utf-8'), bcrypt.gensalt())
So you need to retrieve hashpass in some way so your code compares thusly:
if bcrypt.hashpw(bytes(request.form['pass'], 'utf-8'), hashpass) == hashpass:
Note that if you are using a more recent version (3x) of bcrypt, you should use:
bcrypt.checkpw(password, hashed):
                I know you're not supposed to do this, but thank you so much!! I have been trying to fix this for a few days!!
– ByteSize
                Jul 31, 2017 at 22:45
        
Thanks for contributing an answer to Stack Overflow!
Please be sure to answer the question. Provide details and share your research!
But avoid …
Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.