Bcrypt 哈希返回类型错误(“在哈希之前必须对 Unicode 对象进行编码”)和无效的盐


我已经查看了与此相关的所有 StackOverflow 问题,但我似乎无法弄清楚这一点。当我对密码进行哈希处理并对其自身进行检查时,它会使用当前代码返回 TypeError“必须在哈希处理之前对 Unicode 对象进行编码”:

from scripts import tabledef
from flask import session
from sqlalchemy.orm import sessionmaker
from contextlib import contextmanager
import bcrypt

(Unrelated Python code...)

def hash_password(password):
     return bcrypt.hashpw(password.encode('utf8'), bcrypt.gensalt())

def credentials_valid(username, password):
    with session_scope() as s:
        user = s.query(tabledef.User).filter(
        if user:

            return bcrypt.checkpw(password.encode('utf8'), user.password)
            return False

当我尝试通过设置来修复此错误时user.password= user.password.encode('utf8'),我得到“无效盐”。


更新: 我通过 Flask 输入存储用户的密码:

import json
import sys
import os
import plotly
import pandas as pd
import numpy as np
import plotly.graph_objs as go

from scripts import tabledef
from scripts import forms
from scripts import helpers
from flask import Flask, redirect, url_for, render_template, request, session, flash, Markup
from flask_socketio import SocketIO, emit

@app.route('/', methods=['GET', 'POST'])
def login():
    if not session.get('logged_in'):
        form = forms.LoginForm(request.form)
        if request.method == 'POST':
            username = request.form['username'].lower()
            password = request.form['password']
            if form.validate():
                if helpers.credentials_valid(username, password):
                    session['logged_in'] = True
                    session['username'] = username
                    session['email'] = request.form['email']
                    session['password'] = request.form['password']
                    return json.dumps({'status': 'Login successful'})
                return json.dumps({'status': 'Invalid user/pass'})
            return json.dumps({'status': 'Both fields required'})
        return render_template('login.html', form=form)
    user = helpers.get_user()
    return render_template('home.html', user=user)

@app.route('/signup', methods=['GET', 'POST'])
def signup():
    if not session.get('logged_in'):
        form = forms.LoginForm(request.form)
        if request.method == 'POST':
            username = request.form['username'].lower()
            password = helpers.hash_password(request.form['password'])
            email = request.form['email']
            if form.validate():
                if not helpers.username_taken(username):
                    helpers.add_user(username, password, email)
                    session['logged_in'] = True
                    session['username'] = username
                    session['email'] = request.form['email']
                    session['password'] = request.form['password']
                    return json.dumps({'status': 'Signup successful'})
                return json.dumps({'status': 'Username taken'})
            return json.dumps({'status': 'User/Pass required'})
        return render_template('login.html', form=form)
    return redirect(url_for('login'))


/lib/python3.5/site-packages/flask/app.py", line 1718, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/home/suraj/Documents/Programming/current-projects/GW_Dining_Tracker/env/lib/python3.5/site-packages/flask/_compat.py", line 35, in reraise
    raise value
  File "/home/suraj/Documents/Programming/current-projects/GW_Dining_Tracker/env/lib/python3.5/site-packages/flask/app.py", line 1813, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/suraj/Documents/Programming/current-projects/GW_Dining_Tracker/env/lib/python3.5/site-packages/flask/app.py", line 1799, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/home/suraj/Documents/Programming/current-projects/GW_Dining_Tracker/Flaskex-master/app.py", line 34, in login
    if helpers.credentials_valid(username, password):
  File "/home/suraj/Documents/Programming/current-projects/GW_Dining_Tracker/Flaskex-master/scripts/helpers.py", line 64, in credentials_valid
    return bcrypt.checkpw(password.encode('utf8'), user.password)
  File "/home/suraj/Documents/Programming/current-projects/GW_Dining_Tracker/env/lib/python3.5/site-packages/bcrypt/__init__.py", line 101, in checkpw
    raise TypeError("Unicode-objects must be encoded before checking")
TypeError: Unicode-objects must be encoded before checking

问题是您正在从 SQLAlchemy 获取值String列并将其传递给bcrypt.checkpw. String适用于 Unicode 字符串,它提供的值如下str. But bcrypt仅适用于字节字符串,因此它需要一个bytes。这就是TypeError“Unicode 对象必须在散列之前进行编码”就是在告诉您。

根据您使用的数据库后端和 DB-API 库(对于某些后端,还取决于数据库的配置方式),当您保存bytes value s to a String列,它可能会节省s.decode(),在这种情况下你可以使用user.password.encode()取回相同的字节,但可能不会。例如,它也可以只保存,比如说,str(s)。在这种情况下,如果哈希值是bytes value b'abcd',列值将是字符串"b'abcd'",所以并调用encode这让你b"b'abcd'", not b'abcd'.

The cleanest way to handle this is to use a Binary column1—or, maybe better, Binary(60)2—to store your hashes, instead of a String column. Any DB-API that supports Binary will just store a bytes as-is, and return it as a bytes, which is exactly what you want.

1. Binary is an optional type. If it isn't present for your DB-ABI, the same type may be available as BINARY. If not, look through the list of types and try other types that inherit from _Binary. The ones without "large" in their name or acronym will probably be more efficient, but otherwise any of them should work.

2. With the default settings, bcrypt printable digests will always be exactly 60 bytes. Databases can generally store fixed-width fields like BINARY(60) more compactly, and search them more quickly than variable-width fields like VARBINARY. Just using plain BINARY may be fine, but it may also work like VARBINARY, or it may waste space and work like BINARY(255), etc.


