Authentication in Flask Apps: Password hashing with Flask and passlib (+3, -2)
__init__.py (+3, -2)
From:
curriculum/section13/lectures/04_encrypt_passwords_passlib/start/app/__init__.py
To:
curriculum/section13/lectures/04_encrypt_passwords_passlib/end/app/__init__.py
index c145ae8..9fa838e 100644
--- a/curriculum/section13/lectures/04_encrypt_passwords_passlib/start/app/__init__.py
+++ b/curriculum/section13/lectures/04_encrypt_passwords_passlib/end/app/__init__.py
@@ -9,6 +9,7 @@ from flask import (
redirect,
url_for,
)
+from passlib.hash import pbkdf2_sha256
app = Flask(__name__)
# Secret key generated with secrets.token_urlsafe()
@@ -35,7 +36,7 @@ def login():
email = request.form.get("email")
password = request.form.get("password")
- if users.get(email) == password:
+ if pbkdf2_sha256.verify(password, users.get(email)):
session["email"] = email
return redirect(url_for("protected"))
else:
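Review bot: The new condition on the `+ if pbkdf2_sha256.verify(password, users.get(email)):` line passes `None` to passlib whenever the email is unknown (or the password field is absent), and passlib raises on a `None` hash or secret instead of returning False, so a login attempt for a non-existent account becomes a server error rather than reaching the `else` branch. It also means the failure path for unknown emails is observably different (and faster) than for wrong passwords, which reveals which accounts exist. I would resolve the stored hash first and guard the call: `stored = users.get(email)` / `if password is not None and stored is not None and pbkdf2_sha256.verify(password, stored):`, and, if account enumeration matters here, run the verify against a fixed dummy hash when `stored` is None so both failure paths take similar time. The `login()` body begins before this hunk.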
@@ -49,7 +50,7 @@ def signup():
email = request.form.get("email")
password = request.form.get("password")
- users[email] = password
+ users[email] = pbkdf2_sha256.hash(password)
# session["email"] = email
# - Setting the session here would be okay if you
# - want users to be logged in immediately after
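Review bot: `pbkdf2_sha256.hash(password)` on the new line is called with whatever `request.form.get("password")` returned, so a request without a password field hands `None` to passlib and raises, and an empty-string password is accepted and hashed without complaint. A minimal guard before hashing, e.g. `if not password: abort(400)` (or a redirect back to the form with an error), keeps the hashing line from ever seeing missing input. Separately, `users[email] = ...` still overwrites an existing entry, so anyone who knows a registered email can replace that account's stored hash by signing up again; a `if email in users:` check before assignment is worth adding alongside the hashing change. `signup()` starts before this hunk.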