-3

我正在尝试对 Flask 应用程序实施JWT授权。但是,当我尝试登录时,它返回一个"500 Internal server error"带有“TypeError:哈希必须是 unicode 或字节,而不是 builtin_function_or_method”。我会在这里错过什么。

这是我的models.py课程

from passlib.hash import pbkdf2_sha256

# Create classes to store data.
class User:
""" This class provides a way to store user data. """

    users = [
        {
            'id': 1,
            'username': u'mwinel',
            'email': u'mwinel@example.com',
            'password': u'code618'
        },
        {
            'id': 2,
            'username': u'lucy',
            'email': u'lucy@example.com',
            'password': u'123456'
        }
    ]

    def __init__(self, id, username, email, password):
        """ Initialize objects. """
        self.id = user_id,
        self.username = username,
        self.email = email,
        self.password = password

    @staticmethod
    # Generate a hashed string to be
    # stored by our class model.
    def generate_hash(password):
        hash = pbkdf2_sha256.encrypt(password, rounds = 20000, salt_size = 16)
        return hash

    @staticmethod
    # Check a given password.
    def verify_hash(password, hash):
        return pbkdf2_sha256.verify(password, hash)

这是我的登录方法

from flask_restful import Resource, reqparse
from app.models import User

class UserLogin(Resource):
    # Call the method to login a user.
    def post(self):
        parser = reqparse.RequestParser()
        parser.add_argument('username', required = True)
        parser.add_argument('password', required = True)

        data = parser.parse_args()
        username = data['username']
        password = data['password']
        for user in User.users:
            if password == User.verify_hash(data['password'], hash):
                return {
                    'message': 'Logged in as {}'.format(data['username']),
                }, 200
        return {
            'message': 'Something went wrong'
        }, 500

这是错误

TypeError: hash must be unicode or bytes, not builtin_function_or_method
4

2 回答 2

0

你需要改变

if password == User.verify_hash(data['password'], hash):

为了

if password == User.verify_hash(data['password'], user['hash']):

但是您没有存储那些使您的所有加密无用的哈希值。

而是使用散列函数将密码散列存储在用户数组中,如下所示:

# Create classes to store data.
class User:
""" This class provides a way to store user data. """

    users = [
        {
            'id': 1,
            'username': u'mwinel',
            'email': u'mwinel@example.com',
            'hash': u'$pbkdf2-sha256$20000$OCeEcM55zzlnbG3tfW9tTQ$k3dRDawLaOMlR4cehJEP/2b0JUTMrtPedzLYxNQWICM'
        },
        {
            'id': 2,
            'username': u'lucy',
            'email': u'lucy@example.com',
            'password': u'$pbkdf2-sha256$20000$8D6H0Npbaw3BWGsNYSxFyA$FxkRkBXuQy8VFRX8dSdygzQ4vNlvFJl6hWZQ6LT2NIc'
        }
    ]
于 2018-07-16T19:48:59.933 回答
0

到达此行时,您根本没有定义散列:

if password == User.verify_hash(data['password'], hash):

我相信这通常会引发 NameError,但是有一个名为 hash 的内置 python 函数试图传递给您的 verify_hash 方法(https://docs.python.org/3.5/library/functions.html#hash)。这就是导致您的程序因该异常而崩溃的原因。

于 2018-07-15T13:54:07.100 回答