Browse Source

Chapter 8: Password hashing with Werkzeug (8a)

master
T. Meissner 6 years ago
parent
commit
d16769aefa
2 changed files with 48 additions and 0 deletions
  1. +13
    -0
      app/models.py
  2. +35
    -0
      tests/test_user_model.py

+ 13
- 0
app/models.py View File

@ -1,3 +1,4 @@
from werkzeug.security import generate_password_hash, check_password_hash
from . import db from . import db
@ -16,6 +17,18 @@ class User(db.Model):
id = db.Column(db.Integer, primary_key=True) id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(64), unique=True, index=True) username = db.Column(db.String(64), unique=True, index=True)
role_id = db.Column(db.Integer, db.ForeignKey('roles.id')) role_id = db.Column(db.Integer, db.ForeignKey('roles.id'))
password_hash = db.Column(db.String(128))
@property
def password(self):
raise AttributeError('Password is not a readable attribute')
@password.setter
def password(self, password):
self.password_hash = generate_password_hash(password)
def verify_password(self, password):
return check_password_hash(self.password_hash, password)
def __repr__(self): def __repr__(self):
return '<User %r>' % self.username return '<User %r>' % self.username

+ 35
- 0
tests/test_user_model.py View File

@ -0,0 +1,35 @@
import unittest
from app import create_app, db
from app.models import User
class UserModelTestCase(unittest.TestCase):
def setUp(self):
self.app = create_app('testing')
self.app_context = self.app.app_context()
self.app_context.push()
db.create_all()
def tearDown(self):
db.session.remove()
db.drop_all()
self.app_context.pop()
def test_password_setter(self):
u = User(password='cat')
self.assertTrue(u.password_hash is not None)
def test_no_password_getter(self):
u = User(password='cat')
with self.assertRaises(AttributeError):
u.password
def test_password_verification(self):
u = User(password='cat')
self.assertTrue(u.verify_password('cat'))
self.assertFalse(u.verify_password('dog'))
def test_password_salts_are_random(self):
u = User(password='cat')
u2 = User(password='cat')
self.assertTrue(u.password_hash != u2.password_hash)

Loading…
Cancel
Save