I have problems with the bcrypt module

I will say in advance that the code run locally works completely without errors.

First page (sign up):
If the form is filled out correctly, the received data is processed by the create_account method and entered into the database.
But when submitting the form, an error occurs (shown below in the logs).

Second page (sign in):
When I enter the correct user data, the page refreshes, but nothing else happens, although the page components should be displayed.

Q: What do I need to do to fix this error?

Here is a link to my repository:

deploy logs:

Traceback (most recent call last):
  File "/home/adminuser/venv/lib/python3.11/site-packages/streamlit/runtime/scriptrunner/script_runner.py", line 552, in _run_script
    exec(code, module.__dict__)
  File "/mount/src/gradehubplus/sign_up.py", line 70, in <module>
    _state = auth.create_acc(
             ^^^^^^^^^^^^^^^^
  File "/mount/src/gradehubplus/db_management.py", line 452, in create_acc
    handler_state = self.__create_acc_handler(
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/mount/src/gradehubplus/db_management.py", line 497, in __create_acc_handler
    valid = self.check_hash_key(key, h_key)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/mount/src/gradehubplus/db_management.py", line 126, in __check_hash_key
    valid = bc.checkpw(
            ^^^^^^^^^^^
  File "/home/adminuser/venv/lib/python3.11/site-packages/bcrypt/__init__.py", line 91, in checkpw
    ret = hashpw(password, hashed_password)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/adminuser/venv/lib/python3.11/site-packages/bcrypt/__init__.py", line 84, in hashpw
    return _bcrypt.hashpass(password, salt)
           ^^^^^^^^^^^^^^^^
AttributeError: module 'bcrypt._bcrypt' has no attribute 'hashpass'

Any reason why you are using the very old python-bcrypt package and not the newer bcrypt package?
Have you tried bcrypt instead?
And probably you could also have the same functionality just by using hashlib from the python standard library?

I only need to hash the password and check it for validity.
I uninstalled bcrypt with pip uninstall bcrypt and then installed it again via pip install bcrypt. The requirements.txt file was created using pipreqs --encoding=utf8

If I use hashlib, will it help me?

Here is a simple example with the builtin hashlib library:

import hashlib
import hmac
import os
from typing import Tuple

def hash(password: str, salt: bytes) -> bytes:
    """
    Hash the provided password and salt using PBKDF2.
    """
    return hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, 100000)

def hash_new_password(password: str) -> Tuple[bytes, bytes]:
    """
    Hash the provided password with a randomly-generated salt and return the
    salt and hash to store in the database.
    """
    salt = os.urandom(16)
    pw_hash = hash(password, salt)
    return salt, pw_hash

def is_correct_password(salt: bytes, pw_hash: bytes, password: str) -> bool:
    """
    Given a previously-stored salt and hash, and a password provided by a user
    trying to log in, check whether the password is correct.
    """
    new_hash = hash(password, salt)
    # Compare in constant time so the check does not leak how many bytes matched.
    return hmac.compare_digest(new_hash, pw_hash)

def main():
    salt, pw_hash = hash_new_password('my secret password')
    print(pw_hash.hex())
    print(salt.hex())
    assert is_correct_password(salt, pw_hash, 'my secret password')
    assert not is_correct_password(salt, pw_hash, 'my wrong password')

if __name__ == '__main__':
    main()

I changed the methods on the new hashlib module, now I have a problem logging into my account through Authenticate.login (streamlit_authenticator module). When you enter the correct data, the page is updated, but nothing happens further.

The auth_pws variable contains a tuple of all passwords (in the database), the password format is b'~\xd0\...\xec>' without salt.
Should I combine the salt and the password hash, passing that as the password to be verified by the .login method?

Authorization code example:

import streamlit as st
import streamlit_authenticator as stauth
from db_management import AuthorizationHandler


# ...
auth = AuthorizationHandler()
auth_state, auth_full_names, auth_logins, auth_pws = auth.login_acc()
authenticator = stauth.Authenticate(
    auth_full_names, auth_logins, auth_pws, 
    cookie_name='XXX', key='XXX', 
    cookie_expiry_days=7
)

# ...
if auth_state:
    page_full_name, page_auth_status, page_login = authenticator.login(
        '...', 'main'
    )
    if page_auth_status is None:
        st.info('...', icon='❕')
    elif page_auth_status:
        ...
    elif not page_auth_status:
        st.error('...', icon='❌')

bcrypt combines the hash and the salt itself in its result.
hashlib does not, therefore you would have to combine them yourself or store them separately.


However, so far I haven’t seen you even try to replace python-bcrypt with bcrypt to solve the original problem…
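
One way to do the "combine them yourself" step for the hashlib approach, as an added example that is not code from this thread or from any library mentioned in it. The `algorithm$iterations$salt$hash` layout and the names `encode_password` and `verify_password` are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"   # label chosen for this example
ITERATIONS = 100_000          # same work factor as the hashlib snippet in the thread


def encode_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return one storable string: algorithm$iterations$salt$hash (base64 fields)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    fields = (base64.b64encode(salt), base64.b64encode(digest))
    return "$".join([ALGORITHM, str(iterations)] + [f.decode("ascii") for f in fields])


def verify_password(stored: str, password: str) -> bool:
    """Re-derive the hash from the parameters inside `stored` and compare."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = stored.split("$")
        if algorithm != ALGORITHM:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        rounds = int(iterations)
    except ValueError:
        # Wrong field count, bad base64 or non-numeric iterations: reject, don't crash.
        return False
    if rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


if __name__ == "__main__":
    record = encode_password("my secret password")  # constructed sample input
    print(record)
    print(verify_password(record, "my secret password"))
    print(verify_password(record, "my wrong password"))
```

Because the iteration count travels with each record, the work factor can be raised for new passwords without invalidating the ones already stored.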
