Search⌘ K
AI Features
Home
Courses
Quick Start Full Stack Web Development

Creating the Authentication Table

Explore building authentication tables with password hashing using Flask ORM. Understand how to securely store user information, avoid storing plain passwords, and set up database tables for user verification and API access control.

We'll cover the following...

Creating auth_orm.py

Implementing JWT in the database requires creating a new table that stores the usernames and enough information to verify the password, without actually storing the passwords since that’s an unnecessary security risk. The password hash is computed by applying the md5 function from the hashlib package to a concatenation of the user name, the password salt, and the password. How they are concatenated doesn’t matter so long as it’s done the same way each time. Here’s the entire Auth ORM class.

Python 3.5
import hashlib
from sqlalchemy import Column, types
from sqlalchemy.ext.declarative import declarative_base
base = declarative_base()    
class Auth(base):
    '''Table ``auth`` with fields:
      * ``user_name`` - String of maximum length 80 and the primary key
      * ``pass_hash`` - The md5 hash of the user_name, salt, and password
      * ``pass_salt`` - An arbitrary string used to harden the hash
    '''
    __tablename__ = 'auth'
    user_id   = Column(types.String(length=38), primary_key=True)
    user_name = Column(types.String(length=80))
    pass_hash = Column(types.String(length=32))
    pass_salt = Column(types.String(length=40), default='')
    def _compute_hash(self, password):
        '''Hash ``user_name``, ``pass_salt``, and ``password``.'''
        return hashlib.md5((self.user_name + '|' + self.pass_salt + '|' + password).encode()).hexdigest()
    def _set_hash(self, password):
        '''Given known ``user_name`` and ``pass_salt``, compute and store
        ``pass_hash``.  Used for registering new users.  Does not commit.'''
        self.pass_hash = self._compute_hash(password)
    def _check_password(self, password):
        '''Check if ``password`` agrees with ``pass_hash`` and ``pass_salt``'''
        return self.pass_hash == self._compute_hash(password)

The _compute_hash method uses the username and salt values within the object to compute the password hash. The computed and stored hash values are then compared. This is ...