flask - check_password_hash not working properly in deployment : Forums : PythonAnywhere

flask - check_password_hash not working properly in deployment

Flask/SQLAlchemy

I am having some trouble with check_password_hash running on deployment. I have a User model with a login view function that checks the password hash against the user entered password. Simple enough.

I create my 'admin' user automatically through my create_app() function and commit it to the database on first app launch. That way, if it's the first time you start the app, you have an access point to the admin panel. That user is created with a generate_password_hash password from '123'.

This works on local machine during development!

user = User(username='admin', password=generate_password_hash('123'))
db.session.add(user)
db.session.commit()

Here's a simplified version of my view

# handles login
    if data.get('loginFormInput'):
        _username = data['loginFormInput'].get('username')
        _password = data['loginFormInput'].get('password')
        user = User.query.filter_by(username=_username).first()

        if user:
            # this check fails
            if check_password_hash(user.password, _password):
                # return success

I tried removing any password hashes and creating an user that way, and I was able to login successfully. The problem lies specifically in the generate_password_hash/check_password_hash functions. I'm thinking it probably generates different hashes or something as I've seen mentioned on another post.

Any thoughts? I truly do not understand this behaviour.

deleted-user-4828311 | 1 post | Nov. 15, 2018, 3:01 a.m. | permalink

It might be worth printing out user.password and generate_password_hash(_password) in your view code -- the output will go to the server log, and you can see what the values are, which might give you some indication of the issue.

giles | 12095 posts | PythonAnywhere staff | Nov. 17, 2018, 2:36 p.m. | permalink

I'm having the same issue. Generate password hash on pythonanywhere isn't generating a hash that matches the user entered password. It works fine locally, I can even check the generated hashes on someone else's computer, and the locally created hashes match, but the ones created on pythonanywhere do not.

deleted-user-9498506 | 1 post | May 22, 2021, 6:28 p.m. | permalink

Did you try to follow debugging recommendation Giles posted above?

fjl | 4614 posts | PythonAnywhere staff | May 23, 2021, 5:07 p.m. | permalink