Creating the Authentication Table
Learn how to create an authentication table.
Creating auth_orm.py
Implementing JWT-based authentication requires a new table that stores each user name and enough information to verify the password, without storing the password itself, since that would be an unnecessary security risk. In this course the password hash is computed by applying the md5 function from the hashlib package to a concatenation of the user name, the password salt, and the password. How they are concatenated doesn't matter so long as it's done the same way each time.

Two caveats before copying this into anything real: md5 is a fast general-purpose digest, not a password hash, so a leaked table can be brute-forced quickly even with the salt; a deliberately slow, tunable key-derivation function (PBKDF2, bcrypt, scrypt or Argon2) is the usual choice for password storage. And the salt should be generated per user from a cryptographically secure random source rather than left at the empty-string default shown below. Here's the entire Auth ORM class.
```python
import hashlib

from sqlalchemy import Column, types
# In SQLAlchemy 1.4+ this also lives at sqlalchemy.orm.declarative_base;
# the ext.declarative import still works but is deprecated.
from sqlalchemy.ext.declarative import declarative_base

base = declarative_base()


class Auth(base):
    '''Table ``auth`` with fields:

    * ``user_id`` - String of maximum length 38 and the primary key
    * ``user_name`` - String of maximum length 80
    * ``pass_hash`` - The md5 hash of the user_name, salt, and password
      (32 hex characters)
    * ``pass_salt`` - An arbitrary string used to harden the hash
    '''
    __tablename__ = 'auth'
    user_id = Column(types.String(length=38), primary_key=True)
    user_name = Column(types.String(length=80))
    pass_hash = Column(types.String(length=32))
    # Default of '' means an unsalted hash unless the caller sets a salt.
    pass_salt = Column(types.String(length=40), default='')

    def _compute_hash(self, password):
        '''Hash ``user_name``, ``pass_salt``, and ``password``.

        The '|' separators only need to be applied the same way every time;
        they keep the three fields from running into each other.
        '''
        return hashlib.md5(
            (self.user_name + '|' + self.pass_salt + '|' + password).encode()
        ).hexdigest()

    def _set_hash(self, password):
        '''Given known ``user_name`` and ``pass_salt``, compute and store
        ``pass_hash``. Used for registering new users. Does not commit.'''
        self.pass_hash = self._compute_hash(password)

    def _check_password(self, password):
        '''Check if ``password`` agrees with ``pass_hash`` and ``pass_salt``'''
        # Plain == is not a constant-time comparison; see the note below.
        return self.pass_hash == self._compute_hash(password)
```
The _compute_hash method uses the user name and salt values stored in the object to compute the password hash; _check_password then compares the computed hash with the stored one. That comparison uses ==, which short-circuits at the first differing character, so hmac.compare_digest is the safer choice wherever the result could be timed by an attacker. This is ...