How can I fix this error: ValueError: Invalid salt in flask?

Question

Can someone help me, please? I get this error:

ValueError: Invalid salt

I'm trying to create a login page and register. The problem is when I'm going to login with a username and password. The registers it's ok

app.py

from os import close
from flask import Flask, render_template, redirect, request, url_for, session, flash
from flask_mysqldb import MySQL, MySQLdb
import bcrypt

app = Flask(__name__)
app.config['MYSQL_HOST'] = 'localhost'
app.config['MYSQL_USER'] = 'root'
app.config['MYSQL_PASSWORD'] = ''
app.config['MYSQL_DB'] = 'opensol'
app.config['MYSQL_CURSORCLASS'] = 'DictCursor'
mysql = MySQL(app)


@app.route("/")
def home():
    return render_template("index.html")


@app.route('/register', methods=["GET", "POST"])
def register():
    if request.method == 'GET':
        return render_template("register.html")
    else:
        iden = request.form['id']
        username = request.form['username']
        email = request.form['email']
        password = request.form['password'].encode('utf-8')
        hash_password = bcrypt.hashpw(password, bcrypt.gensalt())
        cur = mysql.connection.cursor()
        cur.execute("INSERT INTO clientes (cl_id,cl_username,cl_email,cl_password) VALUES (%s,%s,%s,%s)",
                    (iden,username, email, hash_password,))
        mysql.connection.commit()
        session['username'] = username
        session['email'] = email
        session['id'] = iden
        return redirect(url_for("home"))

# login


@app.route('/login', methods=["GET", "POST"])
def login():
    if request.method == "POST":
        username = request.form['username']
        password = request.form['password'].encode('utf-8')

        cur = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
        cur.execute("SELECT * FROM clientes WHERE cl_username=%s", (username,))
        user = cur.fetchone()
        cur.close()

        if user is None:
            flash("No encontrado") 

            return render_template("login.html")
        else:

            if bcrypt.hashpw(password, user["cl_password"].encode('utf-8')) == user["cl_password"].encode('utf-8'):
                session['username'] = user['cl_username']
                session['email'] = user['cl_email']
                session['id'] = user['cl_id']
                return render_template("principal.html")
            else:
                return "Error password and email not match"

    else:
        return render_template(url_for('home'))


@app.route('/logout')
def logout():
    session.clear()
    return render_template("home.html")


if __name__ == '__main__':
    app.secret_key = "012#!ApaAjaBoleh)(*%"
    app.run(debug=True)

Any help?

Answer 1

You can make use of flask-bcrypt instead of using bcrypt. flask-bcrypt is a flask extension, which means that it is optimized for usage along with flask.

Now, you can install flask-bcrypt by:

pip install flask-bcrypt

I suggest making these necessary changes to your codes:

1. Importing flask-bcrypt

from os import close
from flask import Flask, render_template, redirect, request, url_for, session, flash
from flask_mysqldb import MySQL, MySQLdb

# import bcrypt  <--- no need of this

from flask_bcrypt import Bcrypt    # <--- importing flask_bcrypt

2. Initializing with app

app = Flask(__name__)
app.config['MYSQL_HOST'] = 'localhost'
app.config['MYSQL_USER'] = 'root'
app.config['MYSQL_PASSWORD'] = ''
app.config['MYSQL_DB'] = 'opensol'
app.config['MYSQL_CURSORCLASS'] = 'DictCursor'
mysql = MySQL(app)
bcrypt = Bcrypt(app) # <---- add this line

3. Make these changes in def register():

password = request.form['password'].encode('utf-8')       # <--- remove .encode('utf-8')
hash_password = bcrypt.hashpw(password, bcrypt.gensalt()) # < --- remove this line

hash_password = bcrypt.generate_password_hash(password).decode('utf-8') # <-- add this line

4. Make these changes in def login():

password = request.form['password'].encode('utf-8') # <-- again, no need of .encode('utf'-8)

if bcrypt.hashpw(password, user["cl_password"].encode('utf-8')) == user["cl_password"].encode('utf-8'): # < --- remove this line

if bcrypt.check_password_hash(user['cl_password'],password):  # < --- add this line

As it is evident that flask-bcrypt is pretty straight-forward when it comes to implementation. After the above changes, your application would smoothly perform register - login function.

A small tip (off-topic): Never hardcode your app.secret_key. Instead, declare the secret key as an environment variable and then access it.