如何修复此错误：ValueError: Invalid salt in flask?

Question

有人能帮助我吗？ 我收到此错误：

值错误：无效的盐

我正在尝试创建一个登录页面并注册。 问题是，当我要login用户名和密码。 寄存器没问题

app.py

from os import close
from flask import Flask, render_template, redirect, request, url_for, session, flash
from flask_mysqldb import MySQL, MySQLdb
import bcrypt

app = Flask(__name__)
app.config['MYSQL_HOST'] = 'localhost'
app.config['MYSQL_USER'] = 'root'
app.config['MYSQL_PASSWORD'] = ''
app.config['MYSQL_DB'] = 'opensol'
app.config['MYSQL_CURSORCLASS'] = 'DictCursor'
mysql = MySQL(app)


@app.route("/")
def home():
    return render_template("index.html")


@app.route('/register', methods=["GET", "POST"])
def register():
    if request.method == 'GET':
        return render_template("register.html")
    else:
        iden = request.form['id']
        username = request.form['username']
        email = request.form['email']
        password = request.form['password'].encode('utf-8')
        hash_password = bcrypt.hashpw(password, bcrypt.gensalt())
        cur = mysql.connection.cursor()
        cur.execute("INSERT INTO clientes (cl_id,cl_username,cl_email,cl_password) VALUES (%s,%s,%s,%s)",
                    (iden,username, email, hash_password,))
        mysql.connection.commit()
        session['username'] = username
        session['email'] = email
        session['id'] = iden
        return redirect(url_for("home"))

# login


@app.route('/login', methods=["GET", "POST"])
def login():
    if request.method == "POST":
        username = request.form['username']
        password = request.form['password'].encode('utf-8')

        cur = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
        cur.execute("SELECT * FROM clientes WHERE cl_username=%s", (username,))
        user = cur.fetchone()
        cur.close()

        if user is None:
            flash("No encontrado") 

            return render_template("login.html")
        else:

            if bcrypt.hashpw(password, user["cl_password"].encode('utf-8')) == user["cl_password"].encode('utf-8'):
                session['username'] = user['cl_username']
                session['email'] = user['cl_email']
                session['id'] = user['cl_id']
                return render_template("principal.html")
            else:
                return "Error password and email not match"

    else:
        return render_template(url_for('home'))


@app.route('/logout')
def logout():
    session.clear()
    return render_template("home.html")


if __name__ == '__main__':
    app.secret_key = "012#!ApaAjaBoleh)(*%"
    app.run(debug=True)

有什么帮助吗？

Answer 1

您可以使用flask-bcrypt而不是使用bcrypt 。 flask-bcrypt 是一个烧瓶扩展，这意味着它针对与烧瓶一起使用进行了优化。

现在，您可以通过以下方式安装flask-bcrypt ：

pip install flask-bcrypt

我建议对您的代码进行这些必要的更改：

1.导入flask-bcrypt

from os import close
from flask import Flask, render_template, redirect, request, url_for, session, flash
from flask_mysqldb import MySQL, MySQLdb

# import bcrypt  <--- no need of this

from flask_bcrypt import Bcrypt    # <--- importing flask_bcrypt

2. 用应用程序初始化

app = Flask(__name__)
app.config['MYSQL_HOST'] = 'localhost'
app.config['MYSQL_USER'] = 'root'
app.config['MYSQL_PASSWORD'] = ''
app.config['MYSQL_DB'] = 'opensol'
app.config['MYSQL_CURSORCLASS'] = 'DictCursor'
mysql = MySQL(app)
bcrypt = Bcrypt(app) # <---- add this line

3. 在def register():这些更改def register():

password = request.form['password'].encode('utf-8')       # <--- remove .encode('utf-8')
hash_password = bcrypt.hashpw(password, bcrypt.gensalt()) # < --- remove this line

hash_password = bcrypt.generate_password_hash(password).decode('utf-8') # <-- add this line

4.在def login()这些更改：

password = request.form['password'].encode('utf-8') # <-- again, no need of .encode('utf'-8)

if bcrypt.hashpw(password, user["cl_password"].encode('utf-8')) == user["cl_password"].encode('utf-8'): # < --- remove this line

if bcrypt.check_password_hash(user['cl_password'],password):  # < --- add this line

很明显， flask-bcrypt在实现方面非常简单。 进行以上更改后，您的应用程序将顺利执行注册-登录功能。

一个小技巧（题外话）：永远不要硬编码你的app.secret_key 。 相反，将密钥声明为环境变量，然后访问它。