0

I'm having trouble implementing hash/check_hash functions in flask with rethinkDB (using remodel ORM). What I have coded I know can't work, but I'm not sure how to implement this, so that it will work. Should I just hash/check hash the password when the user is logging in/registering or is there another way?

from remodel.models import Model
from passlib.hash import pbkdf2_sha256
from flask_login import UserMixin

class User(UserMixin, Model):
    has_many = ('Post',)

    def set_password(self, password):
        self.password_hash = pbkdf2_sha256.hash(password)

    def check_password(self, password):
        return pbkdf2_sha256.verify(password, self.password_hash)

p.s.: I know sha256 is not good for storing passwords but this project is just so I can learn how to use rethinkdb with Flask

Aljaz Kontra
  • 1
  • 2
  • I don't follow the question. The first issue is that `set_password` doesn't commit changes, but "Should I just hash/unhash the password when the user is logging in/registering" I don't understand – roganjosh Nov 24 '19 at 13:41
  • 1
    You don't unhash passwords. That's the point; it should be impossible to do so. When the user tried to log in, you take the hash of that password and compare it to the hash stored in the DB. At no point is anything (hopefully) unhashed – roganjosh Nov 24 '19 at 13:42
  • I understand, I used the wrong term, I meant "check hash", will edit the question to make it more sensible – Aljaz Kontra Nov 24 '19 at 13:44
  • when I call User.create() it remodel creates the object and writes it to the db simultaneously. I can't call a function on the user object because it wont save any changes – Aljaz Kontra Nov 24 '19 at 13:49
  • Nothing is saved to a database if you don't commit the changes. The second sentence I don't understand at all – roganjosh Nov 24 '19 at 13:51
  • remodel (ORM for rethinkdb) commits to database when you call newuser= User.create(name = 'name'). You can find out more about remodel on the link I provided.. which would be nice to do before you comment... – Aljaz Kontra Nov 24 '19 at 14:33
  • Where does it tell me that? I see multiple calls to `save()` and I see examples without it when they use `create()`. I don't see anything that explicitly tells me that it autocommits. – roganjosh Nov 24 '19 at 14:38

0 Answers0