Tags: python, password-hash, argon2-ffi

hashing passwords with argon2_cffi


I am trying to understand how I should use argon2_cffi to store hashed passwords in my database.

Specifically, I am using this code to write the hashed password into my PostgreSQL table.

from argon2 import PasswordHasher

ph = PasswordHasher()

# User is the SQLAlchemy model, POST the submitted form data and
# session the database session (all defined elsewhere in the app).
new_user = User(
    name=POST.get('name', 'default_value'),
    fullname=POST.get('fullname', 'default_value'),
    nickname=POST.get('nickname', 'default_value'),
    hashed_password=ph.hash(POST.get('password', 'default_value')))
session.add(new_user)

However, this produces a different password hash every time the user inserts a password in my form, although the inserted text is the same.

Of course, I know this is the correct behaviour, but what should I do in order to verify that a given registered user has inserted the right password if I cannot produce the same hash?


Solution

  • Sorry, found out myself in the docs...

    import argon2
    
    ph = argon2.PasswordHasher()
    def login(db, user, password):
        password_hash = db.get_password_hash_for_user(user)
    
        # Verify password; raises argon2.exceptions.VerifyMismatchError if wrong.
        ph.verify(password_hash, password)
    
        # Now that we have the cleartext password,
        # check the hash's parameters and if outdated,
        # rehash the user's password in the database.
        if ph.check_needs_rehash(password_hash):
            db.set_password_hash_for_user(user, ph.hash(password))
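The complete register/login flow behind that answer, as an added example that is not part of the original question or answer: a dict-backed `UserStore` stands in for the PostgreSQL table (constructed here), `login` turns a `VerifyMismatchError` into a plain `False`, and a second hasher with weaker, "legacy" parameters shows why `check_needs_rehash` belongs right after a successful `verify`. The `PasswordHasher` parameters are lowered only so the example runs quickly; they are not a recommendation.

```python
# Added example (not from the original post): register, verify and rehash
# with argon2-cffi against an in-memory stand-in for the users table.
# Assumes argon2-cffi is installed (pip install argon2-cffi).
from argon2 import PasswordHasher
from argon2.exceptions import VerifyMismatchError

# Parameters lowered from the library defaults only so the example runs
# quickly; in production keep PasswordHasher() defaults or tune upwards.
ph = PasswordHasher(time_cost=2, memory_cost=16 * 1024, parallelism=1)

# A hasher with weaker "legacy" parameters, used below to simulate hashes
# written by an older deployment that should be upgraded on next login.
legacy_ph = PasswordHasher(time_cost=1, memory_cost=8 * 1024, parallelism=1)


class UserStore:
    """Stand-in for the PostgreSQL users table (constructed for this example):
    maps username -> encoded argon2 hash string."""

    def __init__(self):
        self._hashes = {}

    def register(self, user, password):
        # hash() draws a fresh random salt on every call, so the same password
        # registered twice yields two different strings; only verify() can
        # tell whether a password matches a stored hash.
        self._hashes[user] = ph.hash(password)

    def get_password_hash_for_user(self, user):
        return self._hashes[user]

    def set_password_hash_for_user(self, user, hashed):
        self._hashes[user] = hashed

    def login(self, user, password):
        """True if the password matches; False for a wrong password or unknown user."""
        stored = self._hashes.get(user)
        if stored is None:
            return False
        try:
            # verify() reads salt and parameters out of the encoded hash.
            ph.verify(stored, password)
        except VerifyMismatchError:
            return False
        # The cleartext password is available only right now, so this is the
        # one moment the stored hash can be upgraded to current parameters.
        if ph.check_needs_rehash(stored):
            self.set_password_hash_for_user(user, ph.hash(password))
        return True


def same_password_two_hashes(password):
    """The behaviour from the question: two hashes of one password differ,
    yet both verify against that password."""
    h1, h2 = ph.hash(password), ph.hash(password)
    return h1 != h2 and ph.verify(h1, password) and ph.verify(h2, password)


def upgrade_legacy_hash(user, password):
    """Seed a store with a legacy-parameter hash, log in once, and report
    whether a rehash was needed before and after that login."""
    store = UserStore()
    store.set_password_hash_for_user(user, legacy_ph.hash(password))
    before = ph.check_needs_rehash(store.get_password_hash_for_user(user))
    assert store.login(user, password)
    after = ph.check_needs_rehash(store.get_password_hash_for_user(user))
    return before, after


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "correct horse battery staple")
    print(store.login("alice", "correct horse battery staple"))  # True
    print(store.login("alice", "wrong"))                         # False
    print(same_password_two_hashes("hunter2"))                   # True
    print(upgrade_legacy_hash("bob", "hunter2"))                 # (True, False)
```

Each encoded hash carries its own salt and cost parameters, which is why `verify` needs no extra state and why `check_needs_rehash` can detect a hash made under older settings; wrapping `verify` in `try`/`except` keeps the "wrong password" path as a return value rather than an exception that leaks out of the login handler.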