
I am creating a Django app and have run into a problem with the login portion of it. Everything seems to be working fine, but when I log in with the stored information I receive the ValueError with invalid salt. I've looked on here for solutions but nothing seems to be doing the trick. I tried using the `encode('utf-8')` solution but that doesn't work either.

```python
import bcrypt
from django.contrib import messages
from django.shortcuts import redirect

from .models import User  # assumed location of the User model (not shown in the post)


def register(request):
    check = User.objects.validateUser(request.POST)
    if request.method != 'POST':
        return redirect('/')
    if check[0] == False:
        # flash every validation error, then send the user back to the form
        for error in check[1]:
            messages.add_message(request, messages.INFO, error, extra_tags="registration")
        return redirect('/')
    if check[0] == True:
        # bcrypt.hashpw() returns bytes
        hashed_pw = bcrypt.hashpw(request.POST.get('password').encode(), bcrypt.gensalt())

        # create user
        user = User.objects.create(
            name=request.POST.get('name'),
            email=request.POST.get('email'),
            password=hashed_pw,
        )

        request.session['user_id'] = user.id
        # route to quotes page
        return redirect('/quotes')


def login(request):
    if request.method != 'POST':
        return redirect('/')

    user = User.objects.filter(email=request.POST.get('email')).first()

    # compare the submitted password with the value read back from the database
    if user and bcrypt.checkpw(request.POST.get('password').encode(), user.password.encode()):
        request.session['user_id'] = user.id
        return redirect('/quotes')
    else:
        messages.add_message(request, messages.INFO, 'invalid credentials', extra_tags="login")
        return redirect('/')
```

The issue seems to stem from the `if user and bcrypt.checkpw()` check, but I don't know what to do differently?

  • Could you show how you create a user? It seems like the problem could come from there. – Jacques Gaudin Dec 14 '21 at 23:58
  • You have written a view for serving non POST requests but trying to get values from request.POST !? – SANGEETH SUBRAMONIAM Dec 15 '21 at 00:01
  • `#create user user = User.objects.create( name = request.POST.get('name'), email = request.POST.get('email'), password = hashed_pw, ) request.session['user_id'] = user.id return redirect('/quotes')` – user17678479 Dec 15 '21 at 00:09
  • I think `User.objects.create` does not hash the password, whereas `User.objects.create_user` does. – Jacques Gaudin Dec 15 '21 at 00:14
  • When I change that, I get an error for registration so I don't think that's it – user17678479 Dec 15 '21 at 00:21
  • Ok you need to put bcrypt in your `PASSWORD_HASHERS` setting. See this answer: https://stackoverflow.com/a/33907709/1388292 – Jacques Gaudin Dec 15 '21 at 00:28
  • You don't need to reinvent the wheel, Django already has a nice authentication system, see [Using the Django authentication system](https://docs.djangoproject.com/en/4.0/topics/auth/default/) (Also you should use `create_user` and not `create`) – Abdul Aziz Barkat Dec 15 '21 at 03:12
  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Dec 21 '21 at 19:41
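
Added example, not part of the original question or comments: a standard-library check for the stored value that `bcrypt.checkpw()` receives in `login`. It assumes the `password` field is a text column (the model is not shown in the post), in which case saving the `bytes` returned by `bcrypt.hashpw()` stores the literal `b'...'` text, which no longer parses as a bcrypt hash. `SAMPLE_HASH` and the helper names are constructed for illustration.

```python
import re

# bcrypt modular crypt format: $2b$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$2[abxy]\$[0-9]{2}\$[./A-Za-z0-9]{53}")
# Text produced by str(bytes), e.g. b'$2b$12$...'
BYTES_REPR_RE = re.compile(r"""b(['"])(.*)\1""", re.DOTALL)

# Constructed, correctly shaped placeholder (not a real password hash)
SAMPLE_HASH = "$2b$12$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"


def _as_text(value):
    """Normalise a DB value (str or bytes-like) to str for inspection."""
    if isinstance(value, (bytes, bytearray, memoryview)):
        return bytes(value).decode("ascii", "replace")
    return value


def classify_stored_hash(value):
    """Return 'ok', 'bytes_repr' or 'invalid' for a value read back from the DB."""
    text = _as_text(value)
    if BCRYPT_RE.fullmatch(text):
        return "ok"
    wrapped = BYTES_REPR_RE.fullmatch(text)
    if wrapped and BCRYPT_RE.fullmatch(wrapped.group(2)):
        return "bytes_repr"  # the hash survived, but wrapped in b'...'
    return "invalid"


def repair_stored_hash(value):
    """Return the clean hash string, unwrapping b'...' if needed."""
    text = _as_text(value)
    state = classify_stored_hash(text)
    if state == "ok":
        return text
    if state == "bytes_repr":
        return BYTES_REPR_RE.fullmatch(text).group(2)
    raise ValueError("stored value is not a bcrypt hash; the password must be reset")


if __name__ == "__main__":
    as_saved = str(SAMPLE_HASH.encode())  # what a text column keeps when given bytes
    print(classify_stored_hash(as_saved), "->", repair_stored_hash(as_saved))
```

A row classified as `bytes_repr` can be repaired in place with `repair_stored_hash()`; storing `hashed_pw.decode()` at registration avoids creating such rows.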

0 Answers