
How to verify password hash on Flask-Admin


When we register a new user with Flask-Admin it will automatically generate a password hash.


How do I verify the hash? Is there any similar method like check_password_hash in bcrypt, or like check_password_hash from werkzeug.security?

I tried verify_password from Flask-Security, but it does not seem to work.

This is the snippet of my code:

config.py

SECURITY_PASSWORD_HASH = "pbkdf2_sha256"
SECURITY_PASSWORD_SALT = "ATGUOHAELKiubahiughaerGOJAEGj"

and this is my models.py

from flask_security import UserMixin
from werkzeug.security import check_password_hash, generate_password_hash

class User(db.Model, UserMixin):
    __tablename__ = 'user'
    id = db.Column(db.Integer, primary_key=True)
    email = db.Column(db.String(120), index=True, unique=True)
    password = db.Column(db.String(128))

    def check_password(self, password):
        # return verify_password(self.password, password)   # from Flask-Security
        # return verify_and_update_password(self.password, password) # from Flask-Security
        return check_password_hash(self.password, password) # from werkzeug.security

None of the check_password variants work when I try to verify the password hash that is automatically generated by Flask-Admin when a user first registers; it always returns False, like this:

>>> u1=db.session.query(User).filter_by(email='zidanecr7kaka@gmail.com').first()
>>> u1.check_password('123456')
False

But when I set the password manually, as below:

def set_password(self, password):
    # self.password = encrypt_password(password)    # from Flask-Security
    # self.password = hash_password(password)         # from Flask-Security
    self.password = generate_password_hash(password) # from werkzeug.security

It returns True:

>>> u1=db.session.query(User).filter_by(email='zidanecr7kaka@gmail.com').first()
>>> u1.set_password('123456')
>>> u1.check_password('123456')
True

But when I try check_password against the password hash that is automatically generated by Flask-Admin when a user first registers, it always returns False.

So the point of my question is: how do I verify the password hash using Flask-Admin?


Solution

  • I found this to be the best answer for my case.

    So I made a new module called utils.py, and here is the code:

    from flask_security.utils import _security, get_hmac, _pwd_context
    
    
    def verify_password(password, password_hash):
        """Returns ``True`` if the password matches the supplied hash.
    
        :param password: A plaintext password to verify
        :param password_hash: The expected hash value of the password (usually from your database)
        """
        if _security.password_hash != 'plaintext':
            password = get_hmac(password)
    
        return _pwd_context.verify(password, password_hash)
    

    And then I modified my models.py like this:

    from flask_security import UserMixin
    from app.utils import verify_password
    
    
    class User(db.Model, UserMixin):
        __tablename__ = 'user'
        id = db.Column(db.Integer, primary_key=True)
        email = db.Column(db.String(120), index=True, unique=True)
        password = db.Column(db.String())
    
        def check_password(self, password):
            return verify_password(password, self.password)
    

    Many thanks to whoever answered that.
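
The order of operations in the answer above, as an added example that is not part of the original post or Flask-Security's own code: it shows why a verifier that skips the HMAC step rejects a hash that the HMAC-then-verify path accepts. It is a standard-library reconstruction that assumes legacy Flask-Security's get_hmac is base64(HMAC-SHA512) keyed with SECURITY_PASSWORD_SALT and that the stored value uses passlib's $pbkdf2-sha256$ format; SAMPLE_SALT, ROUNDS and the pbkdf2_sha256_* helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

SAMPLE_SALT = "constructed-sample-salt"  # constructed; stands in for SECURITY_PASSWORD_SALT
ROUNDS = 29000                           # assumed round count for the sample hash


def get_hmac(password, salt=SAMPLE_SALT):
    """Pre-hash step (assumed): base64(HMAC-SHA512(key=salt, msg=password))."""
    mac = hmac.new(salt.encode(), password.encode(), hashlib.sha512)
    return base64.b64encode(mac.digest())


def _ab64(raw):
    """passlib's adapted base64: '+' becomes '.', padding is dropped."""
    return base64.b64encode(raw).decode().rstrip("=").replace("+", ".")


def _ab64_decode(text):
    return base64.b64decode(text.replace(".", "+") + "=" * (-len(text) % 4))


def pbkdf2_sha256_hash(secret, salt=b""):
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", secret, salt, ROUNDS)
    return f"$pbkdf2-sha256${ROUNDS}${_ab64(salt)}${_ab64(dk)}"


def pbkdf2_sha256_verify(secret, stored):
    try:
        _, scheme, rounds, salt, checksum = stored.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", secret, _ab64_decode(salt), int(rounds))
        return hmac.compare_digest(dk, _ab64_decode(checksum))
    except ValueError:
        return False  # malformed hash or a different library's format


def verify_password(password, stored):
    """Same order as the answer: HMAC the candidate first, then verify."""
    return pbkdf2_sha256_verify(get_hmac(password), stored)


stored = pbkdf2_sha256_hash(get_hmac("123456"))        # what registration would store
print(verify_password("123456", stored))               # HMAC applied before verifying
print(pbkdf2_sha256_verify(b"123456", stored))         # raw password, HMAC skipped
```

The same mismatch applies in the other direction: a hash created without the HMAC step will not verify through the HMAC path, so set and check must use the same scheme.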