I'm using python3 , flask-restful and wanted to use flask_bcrypt to hash users passwords stored in database, when I run the solution by python3 app.py, everything works perfectly and I can hash the passwords and validate them , but when I run the solution through uwsgi
uwsgi uwsgi.ini

I get internal server error when I try to authenticate.

When I review the log file , I get the following error:
from flask_bcrypt import Bcrypt ,check_password_hash ImportError: No module named 'flask_bcrypt' unable to load app 0 (mountpoint='') (callable not found or import error) . Although I can import it successfully from command line as well.

I tried to do one solution suggested in :

No module named 'flask_bcrypt'

and to add "#@unresolvedimport" to import but still didn't work.

Is this case of a bad release, where the new version used the wrong tag?

test_bcrypt.py is missing from tarball.

Hi,

It s look like bcrypt library changes, as i got this error :

TypeError: hashpw() argument 1 must be str, not bytes

I'm on python 2.7.8. Flask is giving me the following error:

[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1] Traceback (most recent call last):
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/lib/python2.7/Flask-0.10.1-py2.7.egg/flask/app.py", line 1836, in __call__
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     return self.wsgi_app(environ, start_response)
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/lib/python2.7/Flask-0.10.1-py2.7.egg/flask/app.py", line 1820, in wsgi_app
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     response = self.make_response(self.handle_exception(e))
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/lib/python2.7/Flask-0.10.1-py2.7.egg/flask/app.py", line 1403, in handle_exception
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     reraise(exc_type, exc_value, tb)
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/lib/python2.7/Flask-0.10.1-py2.7.egg/flask/app.py", line 1817, in wsgi_app
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     response = self.full_dispatch_request()
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/lib/python2.7/Flask-0.10.1-py2.7.egg/flask/app.py", line 1477, in full_dispatch_request
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     rv = self.handle_user_exception(e)
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/lib/python2.7/Flask-0.10.1-py2.7.egg/flask/app.py", line 1381, in handle_user_exception
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     reraise(exc_type, exc_value, tb)
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/lib/python2.7/Flask-0.10.1-py2.7.egg/flask/app.py", line 1475, in full_dispatch_request
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     rv = self.dispatch_request()
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/lib/python2.7/Flask-0.10.1-py2.7.egg/flask/app.py", line 1461, in dispatch_request
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     return self.view_functions[rule.endpoint](**req.view_args)
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/webapps/webapp/venv/lib/python2.7/site-packages/flask_mobility/decorators.py", line 35, in wrapper
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     return f(*args, **kwargs)
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/webapps/webapp/webapp/view/landing.py", line 100, in login
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     if form.validate_on_submit():
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/webapps/webapp/venv/lib/python2.7/site-packages/flask_wtf/form.py", line 156, in validate_on_submit
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     return self.is_submitted() and self.validate()
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/webapps/webapp/venv/lib/python2.7/site-packages/wtforms/form.py", line 271, in validate
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     return super(Form, self).validate(extra)
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/webapps/webapp/venv/lib/python2.7/site-packages/wtforms/form.py", line 130, in validate
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     if not field.validate(self, extra):
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/webapps/webapp/venv/lib/python2.7/site-packages/wtforms/fields/core.py", line 175, in validate
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     stop_validation = self._run_validation_chain(form, chain)
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/webapps/webapp/venv/lib/python2.7/site-packages/wtforms/fields/core.py", line 195, in _run_validation_chain
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     validator(form, self)
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/webapps/webapp/webapp/forms.py", line 19, in validate_email
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     if not user.is_correct_password(self.password.data):
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/webapps/webapp/webapp/models.py", line 330, in is_correct_password
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     if self._password and b.check_password_hash(self._password, plaintext+'-'+current_app.config['PASSWORD_SALT']):
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/webapps/webapp/venv/lib/python2.7/site-packages/flask_bcrypt.py", line 180, in check_password_hash
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     return safe_str_cmp(bcrypt.hashpw(password, unicode(pw_hash)), unicode(pw_hash))
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]   File "/home/albert/webapps/webapp/venv/lib/python2.7/site-packages/werkzeug/security.py", line 117, in safe_str_cmp
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1]     return _builtin_safe_str_cmp(a, b)
[Sat Oct 11 01:30:04 2014] [error] [client 127.0.0.1] TypeError: 'unicode' does not have the buffer interface

Looks similar to this issue: cryptojuice/flask-scrypt#6

Casting to unicode in flask_bcrypt.py::check_password_hash() seems to fix things:
return safe_str_cmp(unicode(bcrypt.hashpw(password, pw_hash)), unicode(pw_hash))

There's an error in your docs: https://pythonhosted.org/Flask-Bcrypt/#usage

This:

import flask
from flaskext.bcrypt import Bcrypt

app = Flask(__name__)
bcrypt = Bcrypt(app)

Should be:

import flask
from flask.ext.bcrypt import Bcrypt

app = Flask(__name__)
bcrypt = Bcrypt(app)

(missing the "dot" -> flaskext.bcrypt import Bcrypt)

bcrypt.py

     from flask import Flask
     from flask_bcrypt import Bcrypt

     bcrypt = Bcrypt()

app.py

     from bcrypt import bcrypt
     bcrypt.init_app(app)

Uses in any file

     from bcrypt import bcrypt
     bcrypt.generate_password_hash('rajesh')

     Flask-Bcrypt==0.7.1

flask_bcrypt.check_password_hash uses the method werkzeug.security.safe_str_cm that has been marked deprecated.

https://github.com/pallets/werkzeug/blob/af160e0b6b7ddd81c22f1652c728ff5ac72d5c74/src/werkzeug/security.py#L103
(snippet as of the time of this post:)

def safe_str_cmp(a: str, b: str) -> bool:
    """This function compares strings in somewhat constant time.  This
    requires that the length of at least one string is known in advance.
    Returns `True` if the two strings are equal, or `False` if they are not.
    .. deprecated:: 2.0
        Will be removed in Werkzeug 2.1. Use
        :func:`hmac.compare_digest` instead.
    .. versionadded:: 0.7
    """
    warnings.warn(
        "'safe_str_cmp' is deprecated and will be removed in Werkzeug"
        " 2.1. Use 'hmac.compare_digest' instead.",
        DeprecationWarning,
        stacklevel=2,
    )

Have you guys made any plans to move to using hmac.compare_digest, as Werkzeug recommends? If not, I can submit a PR.

Dependabot couldn't authenticate with https://pypi.python.org/simple/.

You can provide authentication details in your Dependabot dashboard by clicking into the account menu (in the top right) and selecting 'Config variables'.

View the update logs.

flaskext/bcrypt.py references LICENSE, but it's missing from the tarball on pypi.

I am trying to install this package in windows 7 x64 with the following setup:

python 2.7.3 x86
visual studio 9.0 (2010 express) - has x86 c compiler
setuptools
pip

I try pip install flask-bcrypt or easy_install flask-bcrypt and keep getting the same errors:

C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\cl.exe /c /nologo /Ox
/MD /W3 /GS- /DNDEBUG -IC:\Python27\include -IC:\Python27\PC /Tcbcrypt/bcrypt_py
thon.c /Fobuild\temp.win32-2.7\Release\bcrypt/bcrypt_python.obj

bcrypt_python.c

bcrypt/bcrypt_python.c(56) : warning C4244: 'function' : conversion from 'long'
to 'u_int8_t', possible loss of data

bcrypt/bcrypt_python.c(76) : error C2143: syntax error : missing ';' before 'typ
e'

bcrypt/bcrypt_python.c(77) : error C2143: syntax error : missing ';' before 'typ
e'

bcrypt/bcrypt_python.c(80) : error C2065: 'password_copy' : undeclared identifie
r

bcrypt/bcrypt_python.c(80) : warning C4047: 'function' : 'const char *' differs
in levels of indirection from 'int'

bcrypt/bcrypt_python.c(80) : warning C4024: 'pybc_bcrypt' : different types for
formal and actual parameter 1

bcrypt/bcrypt_python.c(80) : error C2065: 'salt_copy' : undeclared identifier

bcrypt/bcrypt_python.c(80) : warning C4047: 'function' : 'const char *' differs
in levels of indirection from 'int'

bcrypt/bcrypt_python.c(80) : warning C4024: 'pybc_bcrypt' : different types for
formal and actual parameter 2

bcrypt/bcrypt_python.c(83) : error C2065: 'password_copy' : undeclared identifie
r

bcrypt/bcrypt_python.c(83) : warning C4022: 'free' : pointer mismatch for actual
parameter 1

bcrypt/bcrypt_python.c(84) : error C2065: 'salt_copy' : undeclared identifier

bcrypt/bcrypt_python.c(84) : warning C4022: 'free' : pointer mismatch for actual
parameter 1

bcrypt/bcrypt_python.c(94) : error C2061: syntax error : identifier 'bcrypt_meth
ods'

bcrypt/bcrypt_python.c(94) : error C2059: syntax error : ';'

bcrypt/bcrypt_python.c(94) : error C3409: empty attribute block is not allowed

bcrypt/bcrypt_python.c(94) : error C2513: '/global/ ' : no variable declared b
efore '='

bcrypt/bcrypt_python.c(109) : error C2065: 'bcrypt_methods' : undeclared identif
ier

bcrypt/bcrypt_python.c(109) : warning C4047: 'function' : 'PyMethodDef *' differ
s in levels of indirection from 'int'

bcrypt/bcrypt_python.c(109) : warning C4024: 'Py_InitModule4' : different types
for formal and actual parameter 2

error: command '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\cl.ex
e"' failed with exit status 2

from flaskext.bcrypt import Bcrypt

rather than

from flask_bcrypt import Bcrypt

The "check_password_hash" method throws an error:
TypeError: hashpw() argument 1 must be str, not bytes

If you comment out lines 180 to 191 in "flask_bcrypt.py" it then works. I assume this is not the best approach or I would do a pull request.

Thanks!

Hey there,

I am getting some odd behaviour in Python3.

My code looks like this:

default_user = User(name="John Doe")
default_user.set_password("password")
assert default_user.check_password("password") is True
assert default_user.check_password("kldsjfsakdjf") is False

set_password is defined as:

    def set_password(self, password):
        self.password = bcrypt.generate_password_hash(password)

    def check_password(self, value):
        # Users without password can't log in
        # we prevent to hash an empty string
        if not value and not self.password:
            return False
        return bcrypt.check_password_hash(self.password, value)

This code works great in Python2. When I run the same code in Python3 I get the "Invalid Salt" error.

Investigating it looks like instead of the hash being written to my db (Postgres) I get a different string.

For example in Python 3 when I look at User.password in the db I see:

\x24326224313324674b644e614e5570476d347143502e6539735063704f4e392e6a2e5956714b726a537575312e354e4c4971505761464e3771423843

instead of

b'$2b$13$gKdNaNUpGm4qCP.e9sPcpON9.j.YVqKrjSuu1.5NLIqPWaFN7qB8C'

which is the value before I save the user and the one I should receive when I check it.

This looks like some kind of encoding error but I can't pinpoint what it is doing it! Any suggestions would be greatly appreciated. 😄

The error is :

x: /home/x >pip install --user flask-bcrypt
Requirement already satisfied: flask-bcrypt in ./.local/lib/python3.7/site-packages (0.7.1)
Requirement already satisfied: Flask in ./.local/lib/python3.7/site-packages (from flask-bcrypt) (1.1.2)
Requirement already satisfied: bcrypt in /usr/local/lib/python3.7/site-packages (from flask-bcrypt) (3.1.7)
Requirement already satisfied: Werkzeug>=0.15 in ./.local/lib/python3.7/site-packages (from Flask->flask-bcrypt) (1.0.1)
Requirement already satisfied: click>=5.1 in /usr/local/lib/python3.7/site-packages (from Flask->flask-bcrypt) (7.0)
Requirement already satisfied: Jinja2>=2.10.1 in /usr/local/lib/python3.7/site-packages (from Flask->flask-bcrypt) (2.10.1)
Requirement already satisfied: itsdangerous>=0.24 in ./.local/lib/python3.7/site-packages (from Flask->flask-bcrypt) (1.1.0)
Collecting cffi>=1.1 (from bcrypt->flask-bcrypt)
  Downloading https://files.pythonhosted.org/packages/54/1d/15eae71ab444bd88a1d69f19592dcf32b9e3166ecf427dd9243ef0d3b7bc/cffi-1.14.1.tar.gz (468kB)
     |████████████████████████████████| 471kB 1.6MB/s 
Requirement already satisfied: six>=1.4.1 in /usr/local/lib/python3.7/site-packages (from bcrypt->flask-bcrypt) (1.14.0)
Requirement already satisfied: MarkupSafe>=0.23 in /usr/local/lib/python3.7/site-packages (from Jinja2>=2.10.1->Flask->flask-bcrypt) (1.1.1)
Requirement already satisfied: pycparser in ./.local/lib/python3.7/site-packages (from cffi>=1.1->bcrypt->flask-bcrypt) (2.20)
Installing collected packages: cffi
  Running setup.py install for cffi ... error
    ERROR: Complete output from command /usr/local/bin/python3.7 -u -c 'import setuptools, tokenize;__file__='"'"'/tmp/pip-install-2pwm90z7/cffi/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-e_ynldi3/install-record.txt --single-version-externally-managed --compile --user --prefix=:
    ERROR: cp: illegal option -- c
    usage: cp [-R [-H | -L | -P]] [-f | -i | -n] [-alpsvx] source_file target_file
           cp [-R [-H | -L | -P]] [-f | -i | -n] [-alpsvx] source_file ... target_directory
    cp: error: clang frontend command failed with exit code 64 (use -v to see invocation)
    cp: illegal option -- c
    usage: cp [-R [-H | -L | -P]] [-f | -i | -n] [-alpsvx] source_file target_file
           cp [-R [-H | -L | -P]] [-f | -i | -n] [-alpsvx] source_file ... target_directory
    cp: error: clang frontend command failed with exit code 64 (use -v to see invocation)
    
        No working compiler found, or bogus compiler options passed to
        the compiler from Python's standard "distutils" module.  See
        the error messages above.  Likely, the problem is not related
        to CFFI but generic to the setup.py of any Python package that
        tries to compile C code.  (Hints: on OS/X 10.8, for errors about
        -mno-fused-madd see http://stackoverflow.com/questions/22313407/
        Otherwise, see https://wiki.python.org/moin/CompLangPython or
        the IRC channel #python on irc.freenode.net.)
    
        Trying to continue anyway.  If you are trying to install CFFI from
        a build done in a different context, you can ignore this warning.
    
    running install
    running build
    running build_py
    creating build
    creating build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7
    creating build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/api.py -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/__init__.py -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/setuptools_ext.py -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/cffi_opcode.py -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/vengine_cpy.py -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/lock.py -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/cparser.py -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/ffiplatform.py -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/verifier.py -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/vengine_gen.py -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/pkgconfig.py -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/model.py -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/recompiler.py -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/backend_ctypes.py -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/error.py -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/commontypes.py -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/_cffi_include.h -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/parse_c_type.h -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/_embedding.h -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    copying cffi/_cffi_errors.h -> build/lib.freebsd-12.1-RELEASE-p7-amd64-3.7/cffi
    running build_ext
    building '_cffi_backend' extension
    creating build/temp.freebsd-12.1-RELEASE-p7-amd64-3.7
    creating build/temp.freebsd-12.1-RELEASE-p7-amd64-3.7/c
    /usr/local/bin/clang90 -pthread -Wno-unused-result -Wsign-compare -Wunreachable-code -DNDEBUG -O2 -pipe -O2 -pipe -march=ivybridge -fstack-protector-strong -fno-strict-aliasing -fPIC -I/usr/local/lib/libffi-3.2.1/include -I/usr/local/include -I/usr/local/include/python3.7m -c c/_cffi_backend.c -o build/temp.freebsd-12.1-RELEASE-p7-amd64-3.7/c/_cffi_backend.o
    cp: illegal option -- c
    usage: cp [-R [-H | -L | -P]] [-f | -i | -n] [-alpsvx] source_file target_file
           cp [-R [-H | -L | -P]] [-f | -i | -n] [-alpsvx] source_file ... target_directory
    cp: error: clang frontend command failed with exit code 64 (use -v to see invocation)
    error: command '/usr/local/bin/clang90' failed with exit status 64
    ----------------------------------------
ERROR: Command "/usr/local/bin/python3.7 -u -c 'import setuptools, tokenize;__file__='"'"'/tmp/pip-install-2pwm90z7/cffi/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-e_ynldi3/install-record.txt --single-version-externally-managed --compile --user --prefix=" failed with error code 1 in /tmp/pip-install-2pwm90z7/cffi/

Not sure what the deal is but when copying the ".decode('UTF-8')" from your docs (needed for python3), they pasted into sublime text as back-ticks (.decode(UTF-8)).

kind of weird. thought you should know.

Hi dear friends,

I'm using the flask-bcrypt after I've started to use flask-cookiecutter
it is a good lib, but now I've have problems to install it on a windows 32 bits and with python 3.4.

the python-bcrypt seems to be out dated.

Do you have some recommendation to install flask-bcrypt on this environment?

The python-bcrypt doesn't have any update since 2014-07-22 ... I saw other bcrypt implementation called bcrypt .. and that seems to be updated recently .. do you have some plan to migrate the bcrypt library?

My best regards,

Hi,

bcrypt_init sets _log_rounds to app.config['BCRYPT_LOG_ROUNDS'], but only for the local context of bcrypt_init.
generate_password_hash uses the default value of 12 again.

Best Regards,

Jesaja Everling

I'm getting an "Invalid Salt" error when I try to compare the hashed password with the entered password. I have used ".decode(‘utf-8’)" as stated in the docs. My code:

pw_hash = bcrypt.generate_password_hash(form.password.data).decode('utf8') print(bcrypt.check_password_hash(form.password.data,pw_hash))

I'm just using "print" to see it return true. Anyone got any ideas?

Hello,
it seems pypi is not updated with the lastest source version. I installed flask-bcrypt with pip and i don't find the implementation of the BCRYPT_HASH_PREFIX in the installed version with pypi.
Is it possible to update pypi? Thanks

Bcrypt just release new version 4.0.0 https://pypi.org/project/bcrypt/#history on August 24th and your module will not work with this version. I think fixed bcrypt version at 3.2.0 or below 4.0.0 will prevent an error happens like we had.

File "/usr/local/lib/python3.6/site-packages/flask_bcrypt.py", line 193, in check_password_hash
return safe_str_cmp(bcrypt.hashpw(password, pw_hash), pw_hash)
File "/usr/local/lib/python3.6/site-packages/bcrypt/__init__.py", line 84, in hashpw
return _bcrypt.hashpass(password, salt)
TypeError: argument 'salt': 'bytearray' object cannot be converted to 'PyBytes'

Documentation suggests importing via

from flask.ext.bcrypt import Bcrypt

However attempting to do so in python3 shows that this is deprecated. Correct python3 import is

from flask_bcrypt import Bcrypt

The default bcrypt settings is to run 12 rounds. I tested it out for time complexity and on a core i7:

In [8]: %timeit b.generate_password_hash('yo', 6)
100 loops, best of 3: 4.09 ms per loop

In [9]: %timeit b.generate_password_hash('yo', 7)
100 loops, best of 3: 8.12 ms per loop

In [10]: %timeit b.generate_password_hash('yo', 9)
10 loops, best of 3: 32.3 ms per loop

In [11]: %timeit b.generate_password_hash('yo', 10)
10 loops, best of 3: 64.5 ms per loop

In [12]: %timeit b.generate_password_hash('yo', 12)
1 loops, best of 3: 258 ms per loop

In [13]: %timeit b.generate_password_hash('yo', 12)
1 loops, best of 3: 258 ms per loop

In [14]: %timeit b.generate_password_hash('yo', 10)
10 loops, best of 3: 64.5 ms per loop

In [15]: %timeit b.generate_password_hash('yo', 8)
100 loops, best of 3: 16.2 ms per loop

I think the target should be about 8ms of complexity (see: http://security.stackexchange.com/questions/3959/recommended-of-iterations-when-using-pkbdf2-sha256/3993#3993) and most users of this package probably don't know they're doing about 256ms by default which pretty much limits a process to 4 password ops per second.

Just a thought :)

Werkzeug released v2.1.0 recently, removing werkzeug.security.safe_str_cmp

See this issue:
https://stackoverflow.com/questions/71652965/importerror-cannot-import-name-safe-str-cmp-from-werkzeug-security

Hi.
Can you update the online version of docs?

If it is sounds hard or time-consuming to you, try readthedocs.org.
http://readthedocs.org/docs/read-the-docs/en/latest/getting_started.html#import-your-docs
It will take you 5 minutes to start using the site, but then updating docs will be mush easier.

I'm getting an 'illegal instruction' error with flask-bcrypt v1.0.1 on Raspberry Pi OS Lite 32-Bit. "Raspbian GNU/Linux 11 (bullseye)"

from flask_bcrypt import Bcrypt

Causes my flask app to crash with:

Illegal instruction

If I remove this line, I can successfully run my flask app.

This used to work just fine with earlier versions of the OS.

Hi, I've realized that when I create a user with bcrypt password, the check password works just for that current day ... the next day .. the password doesn't match.

What am I doing wrong?

Thank you.

The latest versions of flask-bcrypt don't support python 3.10, though many of the flask extensions we use have. This causes a problem since the 0.7.1 release of flask-bcrypt isn't updated for the latest version of werkzeug, which causes the following import error on python 3.10 environments

File "..env/lib/python3.9/site-packages/flask_bcrypt.py", line 21, in <module>
    from werkzeug.security import safe_str_cmp
ImportError: cannot import name 'safe_str_cmp' from 'werkzeug.security'

inside my virtual env

(py27)$ pip install flask-bcrypt

gcc: failed to exec xcrun /usr/bin/xcrun: No such file or directory
    error: command 'gcc' failed with exit status 71

    ----------------------------------------
Command "/Users/minminsanjose/anaconda/envs/pyenv2.7.10/bin/python -c "import setuptools, tokenize;__file__='/private/var/folders/nv/4qz4kgk91rsd_28q18b_ljw00000gn/T/pip-build-1zPd_b/python-bcrypt/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /var/folders/nv/4qz4kgk91rsd_28q18b_ljw00000gn/T/pip-Ulk5R0-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /private/var/folders/nv/4qz4kgk91rsd_28q18b_ljw00000gn/T/pip-build-1zPd_b/python-bcrypt

Hi,

there is a small inconsistency between the README in this repo and the documentation on readthedocs.io. The compiled version for 1.0.1 includes the following section under "Usage", which is not found here:

In Python 3, you need to use decode(‘utf-8’) on generate_password_hash(), like below:
pw_hash = bcrypt.generate_password_hash(‘hunter2’).decode(‘utf-8’)

Hey guys,

Simply installed flask-bcrypt as per the documentation, but getting floating bug (run several times and it failed unpredicatable):

(venv)  courses (master) ✗ flask run --host=0.0.0.0
 * Serving Flask app "main.py" (lazy loading)
 * Environment: development
 * Debug mode: on
 * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
 * Restarting with stat
Traceback (most recent call last):
  File "/home/ep4sh/python/courses/venv/bin/flask", line 8, in <module>
    sys.exit(main())
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/flask/cli.py", line 967, in main
    cli.main(args=sys.argv[1:], prog_name="python -m flask" if as_module else None)
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/flask/cli.py", line 586, in main
    return super(FlaskGroup, self).main(*args, **kwargs)
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/click/decorators.py", line 73, in new_func
    return ctx.invoke(f, obj, *args, **kwargs)
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/flask/cli.py", line 852, in run_command
    run_simple(
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/werkzeug/serving.py", line 965, in run_simple
    from .debug import DebuggedApplication
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/werkzeug/debug/__init__.py", line 28, in <module>
    from ..security import gen_salt
ImportError: cannot import name 'gen_salt' from partially initialized module 'werkzeug.security' (most likely due to a circular import) (/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/werkzeug/security.py)
(venv)  courses (master) ✗ flask run --host=0.0.0.0
 * Serving Flask app "main.py" (lazy loading)
 * Environment: development
 * Debug mode: on
Traceback (most recent call last):
  File "/home/ep4sh/python/courses/venv/bin/flask", line 8, in <module>
    sys.exit(main())
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/flask/cli.py", line 967, in main
    cli.main(args=sys.argv[1:], prog_name="python -m flask" if as_module else None)
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/flask/cli.py", line 586, in main
    return super(FlaskGroup, self).main(*args, **kwargs)
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/click/decorators.py", line 73, in new_func
    return ctx.invoke(f, obj, *args, **kwargs)
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/flask/cli.py", line 852, in run_command
    run_simple(
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/werkzeug/serving.py", line 965, in run_simple
    from .debug import DebuggedApplication
  File "/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/werkzeug/debug/__init__.py", line 28, in <module>
    from ..security import gen_salt
ImportError: cannot import name 'gen_salt' from partially initialized module 'werkzeug.security' (most likely due to a circular import) (/home/ep4sh/python/courses/venv/lib/python3.9/site-packages/werkzeug/security.py)
(venv)  courses (master) ✗ flask run --host=0.0.0.0
 * Serving Flask app "main.py" (lazy loading)
 * Environment: development
 * Debug mode: on
 * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
 * Restarting with stat
 * Debugger is active!
 * Debugger PIN: 113-244-799

in my app module:

  2 from flask import Flask                                                         
  3 from flask_bcrypt import Bcrypt                                                                                            
  ..........
 11 flask_bcrypt = Bcrypt(app)                                                                                                       

list of packages:

(venv)  courses (master) ✗ pip list
Package          Version
---------------- -------
bcrypt           3.2.0
cffi             1.14.5
click            7.1.2
dnspython        2.1.0
email-validator  1.1.2
Flask            1.1.2
Flask-Bcrypt     0.7.1
Flask-Login      0.5.0
Flask-SQLAlchemy 2.4.4
Flask-WTF        0.14.3
idna             3.1
itsdangerous     1.1.0
Jinja2           2.11.3
MarkupSafe       1.1.1
pip              21.0.1
pycparser        2.20
python-dotenv    0.15.0
setuptools       49.2.1
six              1.15.0
SQLAlchemy       1.3.23
Werkzeug         1.0.1
WTForms          2.3.3

Please suggest any ideas on how to fix it =)

Thanks in advance,
cheers

bcrypt is required to use Flask-Bcrypt
ERROR 2016-11-10 09:07:35,749 wsgi.py:263]
Traceback (most recent call last):
File "/home/emu/google-cloud-sdk/platform/google_appengine/google/appengine/runtime/wsgi.py", line 240, in Handle
handler = _config_handle.add_wsgi_middleware(self._LoadHandler())
File "/home/emu/google-cloud-sdk/platform/google_appengine/google/appengine/runtime/wsgi.py", line 299, in _LoadHandler
handler, path, err = LoadObject(self._handler)
File "/home/emu/google-cloud-sdk/platform/google_appengine/google/appengine/runtime/wsgi.py", line 85, in LoadObject
obj = import(path[0])
File "/home/emu/GCP/gcp-bcrypt/main.py", line 5, in
from flask.ext.bcrypt import Bcrypt
File "/home/emu/GCP/gcp-bcrypt/lib/flask/exthook.py", line 81, in load_module
reraise(exc_type, exc_value, tb.tb_next)
File "/home/emu/GCP/gcp-bcrypt/lib/flask_bcrypt.py", line 27, in
raise e
ImportError: No module named bcrypt._bcrypt

I've create a Google App Engine project. And add Flask-Bcrypt in my requirements.txt file. Then install the dependencies in my project lib folder. When I run the project this gives me above error. But my Flask module which is also a 3rd party library works fine.
What's the solution? I'm using Python 2.7

i got error ModuleNotFoundError: No module named 'flask.ext' when i try to import from flask.ext.bcrypt import Bcrypt.

http://werkzeug.pocoo.org/docs/0.11/utils/#module-werkzeug.security

https://flask-bcrypt.readthedocs.io/en/latest/

which is safer?

I was finishing up a simple user login with Flask and flask-Bcrypt. However, when trying to login with a user that is stored in my database, I keep getting this error

ValueError: Invalid salt

i tried the solution from (issue #9 ) but still not working
for more details checkout my stackoverflow question
http://stackoverflow.com/q/34548846/5104452

'Upgrade packages failed.

The following command was executed:

packaging_tool.py install --build-dir C:\Users\HP\AppData\Local\Temp\pycharm-packaging1541100851476301310.tmp -U Flask-Bcrypt

The error output of the command:

DEPRECATION: --no-install, --no-download, --build, and --no-clean are deprecated. See pypa/pip#906.
Requirement already up-to-date: Flask-Bcrypt in c:\users\hp\dropbox\venv\lib\site-packages
Requirement already up-to-date: Flask in c:\users\hp\dropbox\venv\lib\site-packages (from Flask-Bcrypt)
Downloading/unpacking py-bcrypt (from Flask-Bcrypt)
Downloading py-bcrypt-0.4.tar.gz
Running setup.py (path:C:\Users\HP\AppData\Local\Temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\setup.py) egg_info for package py-bcrypt

Requirement already up-to-date: Werkzeug>=0.7 in c:\users\hp\dropbox\venv\lib\site-packages (from Flask->Flask-Bcrypt)
Requirement already up-to-date: Jinja2>=2.4 in c:\users\hp\dropbox\venv\lib\site-packages (from Flask->Flask-Bcrypt)
Requirement already up-to-date: itsdangerous>=0.21 in c:\users\hp\dropbox\venv\lib\site-packages (from Flask->Flask-Bcrypt)
Requirement already up-to-date: markupsafe in c:\users\hp\dropbox\venv\lib\site-packages (from Jinja2>=2.4->Flask->Flask-Bcrypt)
Installing collected packages: py-bcrypt
Running setup.py install for py-bcrypt
building 'bcrypt._bcrypt' extension
c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\cl.exe /c /nologo /Ox /MD /W3 /GS- /DNDEBUG -IC:\Python27\include -IC:\Users\HP\Dropbox\venv\PC /Tcbcrypt/bcrypt.c /Fobuild\temp.win32-2.7\Release\bcrypt/bcrypt.obj
bcrypt.c
bcrypt/bcrypt.c(139) : warning C4996: '_snprintf': This function or variable may be unsafe. Consider using _snprintf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\INCLUDE\stdio.h(358) : see declaration of '_snprintf'
bcrypt/bcrypt.c(249) : warning C4996: '_snprintf': This function or variable may be unsafe. Consider using _snprintf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\INCLUDE\stdio.h(358) : see declaration of '_snprintf'
c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\cl.exe /c /nologo /Ox /MD /W3 /GS- /DNDEBUG -IC:\Python27\include -IC:\Users\HP\Dropbox\venv\PC /Tcbcrypt/bcrypt_pbkdf.c /Fobuild\temp.win32-2.7\Release\bcrypt/bcrypt_pbkdf.obj
bcrypt_pbkdf.c
c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\cl.exe /c /nologo /Ox /MD /W3 /GS- /DNDEBUG -IC:\Python27\include -IC:\Users\HP\Dropbox\venv\PC /Tcbcrypt/bcrypt_python.c /Fobuild\temp.win32-2.7\Release\bcrypt/bcrypt_python.obj
bcrypt_python.c
bcrypt/bcrypt_python.c(63) : warning C4244: 'function' : conversion from 'long' to 'u_int8_t', possible loss of data
c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\cl.exe /c /nologo /Ox /MD /W3 /GS- /DNDEBUG -IC:\Python27\include -IC:\Users\HP\Dropbox\venv\PC /Tcbcrypt/blowfish.c /Fobuild\temp.win32-2.7\Release\bcrypt/blowfish.obj
blowfish.c
c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(86) : error C2146: syntax error : missing ')' before identifier 'passlen'
c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(86) : error C2081: 'size_t' : name in formal parameter list illegal
c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(86) : error C2061: syntax error : identifier 'passlen'
c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(86) : error C2059: syntax error : ';'
c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(86) : error C2059: syntax error : ','
c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(88) : error C2059: syntax error : ')'
c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(91) : error C2146: syntax error : missing ')' before identifier 'n'
c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(91) : error C2081: 'size_t' : name in formal parameter list illegal
c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(91) : error C2061: syntax error : identifier 'n'
c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(91) : error C2059: syntax error : ';'
c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(91) : error C2059: syntax error : ')'
error: command 'c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\cl.exe' failed with exit status 2
Complete output from command C:\Users\HP\Dropbox\venv\Scripts\python.exe -c "import setuptools, tokenize;file='C:\Users\HP\AppData\Local\Temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\setup.py';exec(compile(getattr(tokenize, 'open', open)(file).read().replace('\r\n', '\n'), file, 'exec'))" install --record c:\users\hp\appdata\local\temp\pip-xbpywi-record\install-record.txt --single-version-externally-managed --compile --install-headers C:\Users\HP\Dropbox\venv\include\site\python2.7:
running install

running build

running build_py

creating build

creating build\lib.win32-2.7

creating build\lib.win32-2.7\bcrypt

copying bcrypt__init__.py -> build\lib.win32-2.7\bcrypt

running build_ext

building 'bcrypt._bcrypt' extension

creating build\temp.win32-2.7

creating build\temp.win32-2.7\Release

creating build\temp.win32-2.7\Release\bcrypt

c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\cl.exe /c /nologo /Ox /MD /W3 /GS- /DNDEBUG -IC:\Python27\include -IC:\Users\HP\Dropbox\venv\PC /Tcbcrypt/bcrypt.c /Fobuild\temp.win32-2.7\Release\bcrypt/bcrypt.obj

bcrypt.c

bcrypt/bcrypt.c(139) : warning C4996: '_snprintf': This function or variable may be unsafe. Consider using _snprintf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.

    c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\INCLUDE\stdio.h(358) : see declaration of '_snprintf'

bcrypt/bcrypt.c(249) : warning C4996: '_snprintf': This function or variable may be unsafe. Consider using _snprintf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.

    c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\INCLUDE\stdio.h(358) : see declaration of '_snprintf'

c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\cl.exe /c /nologo /Ox /MD /W3 /GS- /DNDEBUG -IC:\Python27\include -IC:\Users\HP\Dropbox\venv\PC /Tcbcrypt/bcrypt_pbkdf.c /Fobuild\temp.win32-2.7\Release\bcrypt/bcrypt_pbkdf.obj

bcrypt_pbkdf.c

c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\cl.exe /c /nologo /Ox /MD /W3 /GS- /DNDEBUG -IC:\Python27\include -IC:\Users\HP\Dropbox\venv\PC /Tcbcrypt/bcrypt_python.c /Fobuild\temp.win32-2.7\Release\bcrypt/bcrypt_python.obj

bcrypt_python.c

bcrypt/bcrypt_python.c(63) : warning C4244: 'function' : conversion from 'long' to 'u_int8_t', possible loss of data

c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\cl.exe /c /nologo /Ox /MD /W3 /GS- /DNDEBUG -IC:\Python27\include -IC:\Users\HP\Dropbox\venv\PC /Tcbcrypt/blowfish.c /Fobuild\temp.win32-2.7\Release\bcrypt/blowfish.obj

blowfish.c

c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(86) : error C2146: syntax error : missing ')' before identifier 'passlen'

c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(86) : error C2081: 'size_t' : name in formal parameter list illegal

c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(86) : error C2061: syntax error : identifier 'passlen'

c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(86) : error C2059: syntax error : ';'

c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(86) : error C2059: syntax error : ','

c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(88) : error C2059: syntax error : ')'

c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(91) : error C2146: syntax error : missing ')' before identifier 'n'

c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(91) : error C2081: 'size_t' : name in formal parameter list illegal

c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(91) : error C2061: syntax error : identifier 'n'

c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(91) : error C2059: syntax error : ';'

c:\users\hp\appdata\local\temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\bcrypt\pybc_blf.h(91) : error C2059: syntax error : ')'

error: command 'c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\cl.exe' failed with exit status 2

Cleaning up...
Command C:\Users\HP\Dropbox\venv\Scripts\python.exe -c "import setuptools, tokenize;file='C:\Users\HP\AppData\Local\Temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt\setup.py';exec(compile(getattr(tokenize, 'open', open)(file).read().replace('\r\n', '\n'), file, 'exec'))" install --record c:\users\hp\appdata\local\temp\pip-xbpywi-record\install-record.txt --single-version-externally-managed --compile --install-headers C:\Users\HP\Dropbox\venv\include\site\python2.7 failed with error code 1 in C:\Users\HP\AppData\Local\Temp\pycharm-packaging1541100851476301310.tmp\py-bcrypt
Storing debug log for failure in C:\Users\HP\pip\pip.log'

The documentation is incomplete. There is no info under the "API" header.

I noticed that Flask-Bcrypt==0.7.1 installed from pypi is not the same found in this repo (no matter it's 0.7.1 too https://github.com/maxcountryman/flask-bcrypt/blob/13df85ab1b4d7602a967c7ec1c6707c8cda459c6/flask_bcrypt.py)

here's comparison pypi vs repo (repo is newer)

4,6c4,6
<     
<     A Flask extension providing bcrypt hasing and comparison facilities.
<     
---
> 
>     A Flask extension providing bcrypt hashing and comparison facilities.
> 
28a29,30
> import hashlib
> 
40,41c42,44
<     To this this function, simple import it from the module and use it in a 
<     similar fashion as the method would be used. Here is a quick example::
---
>     To use this function, simply import it from the module and use it in a 
>     similar fashion as the original method would be used. Here is a quick
>     example::
43c46
<         from flask.ext.bcrypt import generate_password_hash
---
>         from flask_bcrypt import generate_password_hash
57,61c60,65
<     
<     To this this function, simple import it from the module and use it in a 
<     similar fashion as the method would be used. Here is a quick example::
<         
<         from flask.ext.bcrypt import check_password_hash
---
> 
>     To use this function, simply import it from the module and use it in a 
>     similar fashion as the original method would be used. Here is a quick
>     example::
> 
>         from flask_bcrypt import check_password_hash
63c67
<     
---
> 
119c123,138
<     
---
> 
>     You may also set the hash version using the `BCRYPT_HASH_PREFIX` field in
>     the configuration of the Flask app. If not set, this will default to `2b`.
>     (See bcrypt for more details)
> 
>     By default, the bcrypt algorithm has a maximum password length of 72 bytes
>     and ignores any bytes beyond that. A common workaround is to hash the
>     given password using a cryptographic hash (such as `sha256`), take its
>     hexdigest to prevent NULL byte problems, and hash the result with bcrypt.
>     If the `BCRYPT_HANDLE_LONG_PASSWORDS` configuration value is set to `True`,
>     the workaround described above will be enabled.
>     **Warning: do not enable this option on a project that is already using
>     Flask-Bcrypt, or you will break password checking.**
>     **Warning: if this option is enabled on an existing project, disabling it
>     will break password checking.**
> 
123a143,144
>     _prefix = '2b'
>     _handle_long_passwords = False
135,139c156,181
<     
<     def generate_password_hash(self, password, rounds=None):
<         '''Generates a password hash using bcrypt. Specifying `rounds` 
<         sets the log_rounds parameter of `bcrypt.gensalt()` which determines 
<         the complexity of the salt. 12 is the default value.
---
>         self._prefix = app.config.get('BCRYPT_HASH_PREFIX', '2b')
>         self._handle_long_passwords = app.config.get(
>             'BCRYPT_HANDLE_LONG_PASSWORDS', False)
> 
>     def _unicode_to_bytes(self, unicode_string):
>         '''Converts a unicode string to a bytes object.
> 
>         :param unicode_string: The unicode string to convert.'''
>         if PY3:
>             if isinstance(unicode_string, str):
>                 bytes_object = bytes(unicode_string, 'utf-8')
>             else:
>                 bytes_object = unicode_string
>         else:
>             if isinstance(unicode_string, unicode):
>                 bytes_object = unicode_string.encode('utf-8')
>             else:
>                 bytes_object = unicode_string
>         return bytes_object
> 
>     def generate_password_hash(self, password, rounds=None, prefix=None):
>         '''Generates a password hash using bcrypt. Specifying `rounds`
>         sets the log_rounds parameter of `bcrypt.gensalt()` which determines
>         the complexity of the salt. 12 is the default value. Specifying `prefix`
>         sets the `prefix` parameter of `bcrypt.gensalt()` which determines the 
>         version of the algorithm used to create the hash.
147a190
>         :param prefix: The algorithm version to use.
154a198,199
>         if prefix is None:
>             prefix = self._prefix
157,158c202,203
<         if PY3 and isinstance(password, str):
<             password = bytes(password, 'utf-8')
---
>         password = self._unicode_to_bytes(password)
>         prefix = self._unicode_to_bytes(prefix)
160,161c205,207
<         if not PY3 and isinstance(password, unicode):
<             password = password.encode('utf-8')
---
>         if self._handle_long_passwords:
>             password = hashlib.sha256(password).hexdigest()
>             password = self._unicode_to_bytes(password)
163c209,210
<         return bcrypt.hashpw(password, bcrypt.gensalt(rounds))
---
>         salt = bcrypt.gensalt(rounds=rounds, prefix=prefix)
>         return bcrypt.hashpw(password, salt)
181,182c228,229
<         if PY3 and isinstance(pw_hash, str):
<             pw_hash = bytes(pw_hash, 'utf-8')
---
>         pw_hash = self._unicode_to_bytes(pw_hash)
>         password = self._unicode_to_bytes(password)
184,185c231,233
<         if PY3 and isinstance(password, str):
<             password = bytes(password, 'utf-8')
---
>         if self._handle_long_passwords:
>             password = hashlib.sha256(password).hexdigest()
>             password = self._unicode_to_bytes(password)
187,192d234
<         if not PY3 and isinstance(pw_hash, unicode):
<             pw_hash = pw_hash.encode('utf-8')
< 
<         if not PY3 and isinstance(password, unicode):
<             password = password.encode('utf-8')
< 
194d235
< 

pypi was updated a long time ago and lacks such features as long_passwords and etc

bcrypt==3.2.0
Flask-Bcrypt==0.7.1

Documentation

Due to the recent increased prevelance of powerful hardware, such as modern GPUs, hashes have become increasingly easy to crack.

Any way you want to push 0.6.1 to pypi?

Thanks

I'm using this extension for simple password encryption and matching. I use generate_password_hash and save the encrypted password in the database when creating a new user.

When trying to login this user, check_password_hash(password, db_user_password) throws an Invalid salt exception. I don't know how to debug this. Any help?

Could there be an encoding issue somewhere? I don't know a thing about encryption except generating and matching hashes, help would be appreciated.

Can anyone help shed some light on this error? I dont experience any issues if I run my application locally or on a Ubuntu Instance. However, when deploying via AWS Beanstalk I get this error.

File "/opt/python/run/venv/lib64/python2.7/site-packages/bcrypt/__init__.py", line 82, in hashpw
hashed = _bcrypt.ffi.new("char[]", 128)
AttributeError: 'module' object has no attribute 'ffi'

Any suggestion much appreciated.

FYI - I have bcrypt==3.1.2 installed.

The password hash needs to be encoded like the password in the check_password_hash() method. As is, the 0.7.0 version raises an error when using a unicode password hash.
Python 2.7

Traceback (most recent call last):
File "server.py", line 56, in
bcrypt = Bcrypt(app)
File "/home/thewithz/.local/lib/python3.6/site-packages/flask_bcrypt.py", line 127, in init self.init_app(app)
File "/home/thewithz/.local/lib/python3.6/site-packages/flask_bcrypt.py", line 134, in init_app
self._log_rounds = app.config.get('BCRYPT_LOG_ROUNDS', 12)
AttributeError: 'FlaskApp' object has no attribute 'config'

if __name__ == '__main__':
app = connexion.FlaskApp(__name__, port=5000, specification_dir='swagger/')
app.add_api('swagger.yaml', arguments={'title': 'title'})
bcrypt = Bcrypt(app)
app.run()

password = b'super secret password'
hashpw= b'$2b$12$iyUDXZ.BX0jV2xfdZI7Ame4BB1lkIrZILNPe3Nax4gUMnqWU9lAv2'

  File "/home/ser/GIT/topitup/login_bp.py", line 82, in index
    if username and bcrypt_flask.check_password_hash(pwhash, password):
  File "/usr/lib/python3.4/site-packages/flask_bcrypt.py", line 180, in check_password_hash
    return safe_str_cmp(bcrypt.hashpw(password, pw_hash), pw_hash)
  File "/usr/lib/python3.4/site-packages/bcrypt/__init__.py", line 139, in hashpw
    raise TypeError("Unicode-objects must be encoded before hashing")
TypeError: Unicode-objects must be encoded before hashing

Python 3.4.3 (default, Mar 25 2015, 17:13:50)