Flask-Bcrypt

Flask-Bcrypt is a Flask extension that provides bcrypt hashing utilities for your application.

Due to the recent increased prevalence of powerful hardware, such as modern GPUs, hashes have become increasingly easy to crack. A proactive solution to this is to use a hash that was designed to be "de-optimized". Bcrypt is such a hashing facility; unlike hashing algorithms such as MD5 and SHA1, which are optimized for speed, bcrypt is intentionally structured to be slow.

For sensitive data that must be protected, such as passwords, bcrypt is an advisable choice.

Installation

Install the extension with one of the following commands:

$ easy_install flask-bcrypt

or alternatively if you have pip installed:

$ pip install flask-bcrypt

Usage

To use the extension, import the class wrapper and pass the Flask app object to it, like this:

from flask import Flask
from flask_bcrypt import Bcrypt

app = Flask(__name__)
bcrypt = Bcrypt(app)

Two primary hashing methods are now exposed by way of the bcrypt object. Use them like so:

pw_hash = bcrypt.generate_password_hash('hunter2')
bcrypt.check_password_hash(pw_hash, 'hunter2') # returns True

Documentation

The Sphinx-compiled documentation is available here: http://packages.python.org/Flask-Bcrypt/

Comments
  • Python 3 support (another attempt) [all tests now passing!]

    Hey there,

    My version of Python 3 support gets closer to passing all tests with one problem remaining; the test_check_hash_unicode_is_utf8 test fails on Python 3.3. Unfortunately, I think it may be literally impossible to get this to work across versions.

    The reason is that '\xe2\x98\x83' is interpreted as a pure string in Python 2.x and therefore the Bcrypt hashpw function treats it as such. On Python 3.x, it is treated as unicode and likely re-encoded by the hashpw function.

    You may see the different results generated by hashpw below on both versions:

    Python 2.7:

    Python 2.7.3 (default, Apr 10 2013, 06:20:15)
    [GCC 4.6.3] on linux2
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import bcrypt
    >>> bcrypt.hashpw('\xe2\x98\x83', '$2a$12$43ZhLeQrxZJx6DGLrKOj0u')
    '$2a$12$43ZhLeQrxZJx6DGLrKOj0uHuLMhu4KxcqM5oYNlBfuJHaIyNHX2j6'
    >>>
    

    Python 3.3:

    Python 3.3.3 (default, Dec 27 2013, 19:27:19)
    [GCC 4.6.3] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import bcrypt
    >>> bcrypt.hashpw('\xe2\x98\x83', '$2a$12$43ZhLeQrxZJx6DGLrKOj0u')
    '$2a$12$43ZhLeQrxZJx6DGLrKOj0u1r.ztyYrn8eqOtMsAyx303JZwp0FkIG'
    >>>
    

    Please let me know your thoughts and whether or not you would be willing to remove this test and accept my proposed solution :smile:

    All the best Fotis

    opened by fgimian 22
  • pw_hash needs to be encoded in check_password_hash()

    The password hash needs to be encoded like the password in the check_password_hash() method. As is, the 0.7.0 version raises an error when using a unicode password hash. Python 2.7

    opened by maximebf 17
  • problems when install flask-bcrypt on windows 32 bits and python3.4

    Hi dear friends,

    I've been using flask-bcrypt since I started to use flask-cookiecutter.
    It is a good lib, but now I have problems installing it on Windows 32 bits with Python 3.4.

    The python-bcrypt seems to be outdated.

    Do you have some recommendation to install flask-bcrypt on this environment?

    The python-bcrypt doesn't have any update since 2014-07-22 ... I saw other bcrypt implementation called bcrypt .. and that seems to be updated recently .. do you have some plan to migrate the bcrypt library?

    My best regards,

    opened by xmnlab 16
  • Release 1.0.0

    Closes #65

    To match source code and release I suggest using automatic releases

    Please add PYPI_PASSWORD to the repo's secrets and create a new release; the package will be automatically deployed to PyPI.

    I suggest updating version to 1.0.0

    opened by mahenzon 15
  • use bcrypt instead of py-bcrypt for supporting Windows + python3

    I met an msvc++ 10.0 error while developing on Windows with Python 3 because of the py-bcrypt package. To solve that problem, I found the bcrypt package, which doesn't cause the error, and replaced py-bcrypt with bcrypt.

    opened by toughrogrammer 9
  • fail when try to authenticate

    Hi, I've realized that when I create a user with bcrypt password, the check password works just for that current day ... the next day .. the password doesn't match.

    What am I doing wrong?

    Thank you.

    opened by xmnlab 8
  • update documentation

    There's an error in your docs: https://pythonhosted.org/Flask-Bcrypt/#usage

    This:

    import flask
    from flaskext.bcrypt import Bcrypt
    
    app = Flask(__name__)
    bcrypt = Bcrypt(app)
    

    Should be:

    import flask
    from flask.ext.bcrypt import Bcrypt
    
    app = Flask(__name__)
    bcrypt = Bcrypt(app)
    

    (missing the "dot" -> flaskext.bcrypt import Bcrypt)

    opened by mjhea0 8
  • Broken with Bcrypt 2.0.0

    The "check_password_hash" method throws an error: TypeError: hashpw() argument 1 must be str, not bytes

    If you comment out lines 180 to 191 in "flask_bcrypt.py" it then works. I assume this is not the best approach or I would do a pull request.

    Thanks!

    opened by sphildreth 7
  • TypeError: Unicode-objects must be encoded before hashing

    password = b'super secret password'
    hashpw = b'$2b$12$iyUDXZ.BX0jV2xfdZI7Ame4BB1lkIrZILNPe3Nax4gUMnqWU9lAv2'

      File "/home/ser/GIT/topitup/login_bp.py", line 82, in index
        if username and bcrypt_flask.check_password_hash(pwhash, password):
      File "/usr/lib/python3.4/site-packages/flask_bcrypt.py", line 180, in check_password_hash
        return safe_str_cmp(bcrypt.hashpw(password, pw_hash), pw_hash)
      File "/usr/lib/python3.4/site-packages/bcrypt/__init__.py", line 139, in hashpw
        raise TypeError("Unicode-objects must be encoded before hashing")
    TypeError: Unicode-objects must be encoded before hashing
    

    Python 3.4.3 (default, Mar 25 2015, 17:13:50)

    opened by ser 5
  • Docs hosted online

    Hi. Can you update the online version of docs?

    If it sounds hard or time-consuming to you, try readthedocs.org: http://readthedocs.org/docs/read-the-docs/en/latest/getting_started.html#import-your-docs It will take you 5 minutes to start using the site, but then updating docs will be much easier.

    opened by alekzvik 5
  • Works in Python2 but not in Python (Invalid Salt)

    Hey there,

    I am getting some odd behaviour in Python3.

    My code looks like this:

    default_user = User(name="John Doe")
    default_user.set_password("password")
    assert default_user.check_password("password") is True
    assert default_user.check_password("kldsjfsakdjf") is False
    

    set_password is defined as:

        def set_password(self, password):
            self.password = bcrypt.generate_password_hash(password)
    
        def check_password(self, value):
            # Users without password can't log in
            # we prevent to hash an empty string
            if not value and not self.password:
                return False
            return bcrypt.check_password_hash(self.password, value)
    

    This code works great in Python2. When I run the same code in Python3 I get the "Invalid Salt" error.

    Investigating it looks like instead of the hash being written to my db (Postgres) I get a different string.

    For example in Python 3 when I look at User.password in the db I see:

    \x24326224313324674b644e614e5570476d347143502e6539735063704f4e392e6a2e5956714b726a537575312e354e4c4971505761464e3771423843
    

    instead of

    b'$2b$13$gKdNaNUpGm4qCP.e9sPcpON9.j.YVqKrjSuu1.5NLIqPWaFN7qB8C'
    

    which is the value before I save the user and the one I should receive when I check it.

    This looks like some kind of encoding error but I can't pinpoint what is doing it! Any suggestions would be greatly appreciated. 😄

    opened by Cabalist 4
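
Added example (not part of the report above and not Flask-Bcrypt's own code): the value seen in the database is the hash's own bytes in the `\x…` hex form PostgreSQL uses for binary (bytea) data, so it can be decoded and validated before it reaches `check_password_hash`. `normalize_stored_hash` and `BCRYPT_RE` are hypothetical names; the two sample values are copied from the report.

```python
import re

# Modular-crypt bcrypt hash: $2a$/$2b$/$2x$/$2y$, two-digit cost,
# then 22 salt characters and 31 digest characters (53 in total).
BCRYPT_RE = re.compile(r"\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}")


def normalize_stored_hash(value):
    """Return the bcrypt hash as str, whatever form the database handed back.

    Accepts bytes/bytearray/memoryview (binary column), a plain str, or the
    hex escape form ('\\x2432...') that shows up when the bytes hash was
    written into a text column. Anything else raises ValueError, so a
    damaged value fails loudly here instead of as "Invalid salt" later.
    """
    if isinstance(value, memoryview):
        value = value.tobytes()
    if isinstance(value, (bytes, bytearray)):
        # UnicodeDecodeError is a subclass of ValueError.
        value = bytes(value).decode("ascii")
    if not isinstance(value, str):
        raise ValueError("unsupported hash type: %s" % type(value).__name__)
    if value.startswith("\\x"):
        try:
            value = bytes.fromhex(value[2:]).decode("ascii")
        except ValueError as exc:
            raise ValueError("not a hex-escaped bcrypt hash") from exc
    if not BCRYPT_RE.fullmatch(value):
        raise ValueError("not a bcrypt hash")
    return value


# Value read back from the text column, as quoted in the report.
STORED = "\\x24326224313324674b644e614e5570476d347143502e6539735063704f4e392e6a2e5956714b726a537575312e354e4c4971505761464e3771423843"
# Value the reporter expected (shown there as a bytes literal).
EXPECTED = "$2b$13$gKdNaNUpGm4qCP.e9sPcpON9.j.YVqKrjSuu1.5NLIqPWaFN7qB8C"

if __name__ == "__main__":
    print(normalize_stored_hash(STORED))
```

Decoding the hash once at write time, for example `bcrypt.generate_password_hash(password).decode('utf-8')`, stores the text form directly so no repair is needed on read.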
  • Allow overriding _handle_long_passwords

    This introduces an optional parameter for the generate_password_hash and check_password_hash member functions. It overrides the default set by BCRYPT_HANDLE_LONG_PASSWORDS. As mentioned in #45 it might introduce a bit more complexity, but there are reasonable use cases for this, e.g.:

    • If you did not allow long passwords in the past and want to transition to allowing it afterwards in your already deployed application.
    • If you want to support long passwords but want to reduce computational cost as most users don't use 72-byte passwords.

    Both cases require the option to use both methods in the same application which was currently not possible (or at least not in a simple way as it required two instances of flask_bcrypt.Bcrypt() and manually overriding the "protected" _handle_long_passwords variable on one of those).

    opened by bliepp 0
  • Flask-Bcrypt not working with latest version of Bcrypt

    Bcrypt just released a new version, 4.0.0 (https://pypi.org/project/bcrypt/#history), on August 24th and your module will not work with this version. I think fixing the bcrypt version at 3.2.0 or below 4.0.0 will prevent an error like the one we had.

    File "/usr/local/lib/python3.6/site-packages/flask_bcrypt.py", line 193, in check_password_hash
    return safe_str_cmp(bcrypt.hashpw(password, pw_hash), pw_hash)
    File "/usr/local/lib/python3.6/site-packages/bcrypt/__init__.py", line 84, in hashpw
    return _bcrypt.hashpass(password, salt)
    TypeError: argument 'salt': 'bytearray' object cannot be converted to 'PyBytes'

    opened by vinhliem 1
  • Inconsistency between readthedocs and Github Readme

    Hi,

    there is a small inconsistency between the README in this repo and the documentation on readthedocs.io. The compiled version for 1.0.1 includes the following section under "Usage", which is not found here:

    In Python 3, you need to use decode('utf-8') on generate_password_hash(), like below:

    pw_hash = bcrypt.generate_password_hash('hunter2').decode('utf-8')

    opened by mohoyer 0
  • Python 3.10 support

    The latest versions of flask-bcrypt don't support python 3.10, though many of the flask extensions we use have. This causes a problem since the 0.7.1 release of flask-bcrypt isn't updated for the latest version of werkzeug, which causes the following import error on python 3.10 environments

    File "..env/lib/python3.9/site-packages/flask_bcrypt.py", line 21, in <module>
        from werkzeug.security import safe_str_cmp
    ImportError: cannot import name 'safe_str_cmp' from 'werkzeug.security'
    
    opened by JWKennington 2
  • ImportError: No module named bcrypt._bcrypt In GAE

    bcrypt is required to use Flask-Bcrypt
    ERROR 2016-11-10 09:07:35,749 wsgi.py:263]
    Traceback (most recent call last):
      File "/home/emu/google-cloud-sdk/platform/google_appengine/google/appengine/runtime/wsgi.py", line 240, in Handle
        handler = _config_handle.add_wsgi_middleware(self._LoadHandler())
      File "/home/emu/google-cloud-sdk/platform/google_appengine/google/appengine/runtime/wsgi.py", line 299, in _LoadHandler
        handler, path, err = LoadObject(self._handler)
      File "/home/emu/google-cloud-sdk/platform/google_appengine/google/appengine/runtime/wsgi.py", line 85, in LoadObject
        obj = __import__(path[0])
      File "/home/emu/GCP/gcp-bcrypt/main.py", line 5, in <module>
        from flask.ext.bcrypt import Bcrypt
      File "/home/emu/GCP/gcp-bcrypt/lib/flask/exthook.py", line 81, in load_module
        reraise(exc_type, exc_value, tb.tb_next)
      File "/home/emu/GCP/gcp-bcrypt/lib/flask_bcrypt.py", line 27, in <module>
        raise e
    ImportError: No module named bcrypt._bcrypt

    I've created a Google App Engine project and added Flask-Bcrypt to my requirements.txt file, then installed the dependencies in my project's lib folder. When I run the project, it gives me the above error. But my Flask module, which is also a 3rd-party library, works fine. What's the solution? I'm using Python 2.7.

    opened by imtiaz-emu 4
Owner
Max Countryman