我有Django生成的密码哈希。我想使用Flask的密码哈希登录用户。如何在Flask中验证密码?
from django.contrib.auth import hashers
hash = hashers.make_password('pasword')
# pbkdf2_sha256$20000$3RFHVUvhZbu5$llCkkBhVqeh69KSETtH8gK5iTQVy2guwSSyTeGyguxE='
PASSWORD_HASHERS = (
'django.contrib.auth.hashers.PBKDF2PasswordHasher',
'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
'django.contrib.auth.hashers.BCryptPasswordHasher',
'django.contrib.auth.hashers.SHA1PasswordHasher',
'django.contrib.auth.hashers.MD5PasswordHasher',
'django.contrib.auth.hashers.CryptPasswordHasher',
)
答案 0 :(得分:6)
您可以使用passlib包来处理密码哈希。它附带support for Django's hash format。您的示例哈希使用pbkdf2_sha256,因此请使用相应的passlib哈希:
from passlib.hash import django_pbkdf2_sha256
hash = 'pbkdf2_sha256$20000$3RFHVUvhZbu5$llCkkBhVqeh69KSETtH8gK5iTQVy2guwSSyTeGyguxE='
user_input = 'password'
django_pbkdf2_sha256.verify(user_input, hash)
如果您想支持多种格式like Django does,您可以使用预先配置的Django context,或者根据Django的PASSWORD_HASHERS中的任何顺序制作您自己的格式。
from passlib.apps import django_context
hash = 'pbkdf2_sha256$20000$3RFHVUvhZbu5$llCkkBhVqeh69KSETtH8gK5iTQVy2guwSSyTeGyguxE='
user_input = 'password'
django_context.verify(user_input, hash)