Python 3 password checkpw / hashpw issue

Hi guys,

I’m working on a login page and I’m having issues with the checkpw() component of the application. Believe it or not, the login checkpw() did work for 3 weeks and then it stopped working, and I’m lost as to how to fix the issue.

Script

import bcrypt

userEnteredPwd = "%Testing20"
#################### Encrypt Password ######################################
def hashingPwd(pwd):
    hashingPassword = pwd.encode('utf-8')
    salt = bcrypt.gensalt()
    hashedPWD = bcrypt.hashpw(hashingPassword, salt)
    return hashedPWD

############### Decrypt password ########################################
def is_PWDvalid(userEnteredPwd,decPwd):    
    userPwd = userEnteredPwd.encode('utf-8')
    stage2 = decPwd.encode('utf-8')
    result = bcrypt.checkpw(userPwd, stage2)    
    return result

encPwd = hashingPwd(userEnteredPwd)
print(f"Hashed pwd =>: {encPwd} ")
loginYesNo = is_PWDvalid(userEnteredPwd, encPwd)
print(f"Login Failed/Succes =>: {loginYesNo}")

Error message

Hashed pwd =>: b'$2b$12$hksDsz2ujK3UfybNgKrGHunjsIJufWQFxAouwWFlecSE7OwixLUcu' 
Traceback (most recent call last):
  File "D:\xampp\htdocs\pythontesting\auth.py", line 25, in <module>
    loginYesNo = is_PWDvalid(userEnteredPwd, encPwd)
  File "D:\xampp\htdocs\pythontesting\auth.py", line 18, in is_PWDvalid
    stage1 = decPwd.encode('utf-8')
AttributeError: 'bytes' object has no attribute 'encode'. Did you mean: 'decode'?

You don’t need to encode it twice. You’re encoding it in hashingPwd so you don’t do it again.

Hi DaveMaxwell,

Thank you for the reply back. I should have noticed that before copy/pasting the code, but it looks like there’s a bigger issue with the way the hashpwd code is generated and the format it saves to the database. I think there’s something strange going on when saving the hashed code to the database (xampp). In my test code, if I bypass the database it works, but if I save the hashed password to the database I think there’s a change happening that I can’t seem to pinpoint.

Part of the registration code that appends data to the table and this works.

passwordIntoBytes = form.password.data.encode('utf-8')
saltGenerated = bcrypt.gensalt()
passwordHashed = bcrypt.hashpw(passwordIntoBytes, saltGenerated)
try:
    appendMember = memberTBL(mem_firstName = form.firstName.data, mem_lastName = form.lastName.data, mem_email = form.email.data, mem_pwd = passwordHashed, mem_status = 1)
    sessionDB.add(appendMember)
    sessionDB.commit()
finally:
    sessionDB.close()

Part of the login code. It always fails at pwdIsValid. The database query works, but there is a format or conversion taking place when I save the password in the registration process.

userPWDbyts = formLogin.loginPassword.data.encode('utf-8') 
dbPassword = loginEmailSearch.mem_pwd
pwdIsValid = bcrypt.checkpw(userPWDbyts, dbPassword) 

password %Testing20
copy/pasted this from the database table: $2b$12$UBGMSk59p3Fg2b4zQU1w0uaY/T0pxI52jo7jscVeJXp1Zlsoc/4YS

Any ideas?

The value copy/pasted from the database table is the salted, encrypted password. I’d assume it’s correct.

Your login code should be something like this (please forgive any typos or syntax errors, it’s been a minute since I’ve done python…)

# connecting to db and cursor creation already done above...

# get form values
username = form.username.data
password = form.password.data.encode('utf-8')

# look for user on database; bind the username as a query parameter instead of
# formatting it into the SQL (the %s placeholder style depends on the DB driver)
strSQL = "SELECT password from userTable where username = %s"
cur.execute(strSQL, (username,))
row = cur.fetchone()

if row is None:
    print("Login failed")    # no such user
else:
    encPassword = row[0]
    if isinstance(encPassword, str):    # checkpw() needs bytes for both arguments
        encPassword = encPassword.encode('utf-8')
    if bcrypt.checkpw(password, encPassword):
        print("Login successful")
    else:
        print("Login failed")    # invalid password