ValueError: not a valid sha256_crypt hash

Question

I am working on this application and I have set up a registration and login page. Everything works perfectly fine, the only issue is with the password validation. I am using SHA256 and every time I try logging I get this error : ValueError: not a valid sha256_crypt hash here is a piece of def register

def register():
    if request.method=="POST":
        name = request.form.get("name")
        username = request.form.get("username")
        password = request.form.get("password")
        confirm = request.form.get("confirm")
        secure_password = sha256_crypt.encrypt(str(password))

and here is a login

def login():
    if request.method == "POST":
        username = request.form.get("username")
        password = request.form.get("password")
      
        usernamedata = db.execute("SELECT username FROM users WHERE username=:username", {"username":username}).fetchone()
        passwordata = db.execute("SELECT password FROM users WHERE username=:username", {"username":username}).fetchone()

        if usernamedata is None:
            flash("No username", "danger")
            return render_template("/login.html")
        else:
              for passwor_data in passwordata:
                if sha256_crypt.verify(password,passwor_data):
                    flash("You are now logged in","success")
                    return redirect("/index.html")

score 0 · Answer 1 · answered Jun 13 '20 at 23:04

0

You are iterating over each character of the hash in for passwor_data in passwordata:, so it throws this error, complaining that the second argument is not a valid sha256 hash.

It should be something like :

if sha256_crypt.verify(password, passwordata):
    flash("You are now logged in","success")
    return redirect("/index.html")

password is the clear text password received from user input
passwordata is sha256 hash

Short example :

from passlib.hash import sha256_crypt

password = "test"
passwordata = sha256_crypt.encrypt(password)

if sha256_crypt.verify(password, passwordata):
    print("OK")

answered Jun 13 '20 at 23:04

Bertrand Martel

42,756
16
135
159

i tried what you suggested and not i am getting this error: TypeError: hash must be unicode or bytes, not sqlalchemy.engine.result.RowProxy – Bello Cooper Jun 14 '20 at 01:17
@BelloCooper you need to convert it to string then – Bertrand Martel Jun 14 '20 at 01:19
i am trying to to it like this :if sha256_crypt.verify(password, passwordata(str)):. its now throwing in this error TypeError: 'RowProxy' object is not callable – Bello Cooper Jun 14 '20 at 01:26
I don't know this `passwordata(str)` ? – Bertrand Martel Jun 14 '20 at 01:27
trying to convert the hash back to string. i thought thats the way its done. let me know if its not right – Bello Cooper Jun 14 '20 at 01:31
@BelloCooper maybe passwordata[0] I don't know sqlalchemy.engine.result.RowProxy – Bertrand Martel Jun 14 '20 at 01:33

ValueError: not a valid sha256_crypt hash

1 Answers1