Use BCrypt with Salt

week_6/examples/passwords/app.py

 from flask import Flask, render_template, request, jsonify
 from functools import wraps
 import mysql.connector # pip3 install mysql-connector
-# import bcrypt
+import bcrypt
 import configparser
 import io
 
@@ -28,7 +28,8 @@ def signup ():
     print(body)
 
     username = body['username']
-    password = body['password']
+    password = body['password'].encode('utf-8')
+    hashed = bcrypt.hashpw(password, bcrypt.gensalt())
 
     connection = mysql.connector.connect(user=DB_USERNAME, database=DB_NAME, password=DB_PASSWORD)
     cursor = connection.cursor()
@@ -36,7 +37,7 @@ def signup ():
     query = "INSERT into users (username, password) VALUES (%s, %s)"
 
     try:
-        cursor.execute(query, (username, password))
+        cursor.execute(query, (username, hashed))
         connection.commit()
         return {}
     except Exception as e:
@@ -63,12 +64,13 @@ def login ():
 
     try:
         cursor.execute(query, (username,))
-        savedPassword = cursor.fetchone()[0]
+        hashed = cursor.fetchone()[0]
+
 
         print(password)
-        print(savedPassword)
+        print(hashed)
 
-        if password == savedPassword:
+        if bcrypt.checkpw(password.encode('utf-8'), hashed.encode('utf-8')):
             return {}
         return {}, 404
     except Exception as e:

week_6/examples/passwords/migrations/20200304T184700-create_tables.sql

@@ -2,6 +2,5 @@
 
 create table users (
   username VARCHAR(40) PRIMARY KEY,
-  password VARCHAR(20)
-  -- password BINARY(60) NOT NULL
+  password VARCHAR(60)
 );