ValueError: not a valid sha256_crypt hash when verifying hashed password during login

Question

I get a server 500 error in my flask-app when trying to verify the user password.

I'm running two identical flask-apps one on my local ubuntu system and one on a linode server.

On the local system I run it on the built in development server, on the remote system I'm using apache2 with mod-wsgi.

The user-data is stored in a postgresql database on each system independantly.

On the local system everything works as expected on the remote system I get an error. Extract from error.log below:

[2018-05-08 08:51:20,516] ERROR in app: Exception on /login/ [POST]
Traceback (most recent call last):
File "/home/roger/www/FlaskApp/venv/lib/python2.7/site-packages/flask/app.py", line 1982, in wsgi_app response = self.full_dispatch_request()
File "/home/roger/www/FlaskApp/venv/lib/python2.7/site-packages/flask/app.py", line 1614, in full_dispatch_request rv = self.handle_user_exception(e)
File "/home/roger/www/FlaskApp/venv/lib/python2.7/site-packages/flask/app.py", line 1517, in handle_user_exception reraise(exc_type, exc_value, tb)
File "/home/roger/www/FlaskApp/venv/lib/python2.7/site-packages/flask/app.py", line 1612, in full_dispatch_request
rv = self.dispatch_request()
File "/home/roger/www/FlaskApp/venv/lib/python2.7/site-packages/flask/app.py", line 1598, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/home/roger/www/FlaskApp/FlaskApp/server.py", line 79, in login_view if sha256_crypt.verify(request.form['password'], userdata[2]):
File "/home/roger/www/FlaskApp/venv/lib/python2.7/site-packages/passlib/utils/handlers.py", line 757, in verify
self = cls.from_string(hash, **context)
File "/home/roger/www/FlaskApp/venv/lib/python2.7/site-packages/passlib/handlers/sha2_crypt.py", line 307, in from_string raise uh.exc.InvalidHashError(cls)
ValueError: not a valid sha256_crypt hash

This is the line in my login-page that throws the error: (userdata[2] is the password column of the usertable of my database)

if sha256_crypt.verify(request.form['password'], userdata[2]):

on the registration.page I hash the password like this, before storing it into the database:

password = sha256_crypt.encrypt(str(request.form['password']))

This is my flask-app config:

from flask import Flask, render_template, redirect, url_for, abort, request, session
from passlib.hash import sha256_crypt
from flask_session import Session
from functools import wraps

app = Flask(__name__)
SESSION_TYPE = 'filesystem'
app.secret_key = 'ihgipeghephg'

sess = Session()
sess.init_app(app)

This is my .wsgi - file:

#! /usr/bin/python
import sys
import logging

# use the following lines for activating and using the venv
activate_this = '/home/roger/www/FlaskApp/venv/bin/activate_this.py'
execfile(activate_this, dict(__file__=activate_this))

logging.basicConfig(stream=sys.stderr)
sys.path.insert(0,"/home/roger/www/FlaskApp/")

from FlaskApp import app as application
application.secret_key = 'whfipwfzqperznn'

I don't understand why it works fine on the local system and not on the remote system.

Any tips where to look would be appreciated.

Answer 1

OK, I found the problem.

I used different databases for each system. On one system I had the passwords stored in column 2, on the other one in column 3.

Simply had to change this:

if sha256_crypt.verify(request.form['password'], userdata[2]):

to this:

if sha256_crypt.verify(request.form['password'], userdata[3]):