pwhash | A collection of password hashing routines in pure Rust | Hashing library

Fixed the problem by querying a list of usernames with their stored hash key. Then I compared the entered username to the username displayed in the list and extracted the relative hash key which I next used in the password_checking function.

models.py*

By default, authenticated_userid will not change in the same request in which you invoked remember. It is merely setting a cookie on the response object which the client will return on the NEXT request that indicates the auth status. In the current request, if you wish for authenticated_userid to change its value then you will have to implement your own remember or other mechanism for managing that - Pyramid does not do it by default in any of its authentication policies. The authentication policy API is simple and you can subclass/override it if you feel you need to change how that works.

Aha! Solved it. Syntax error, pwhash` is a tuple because that is what fetchone() returns, so it need to be check_password_hash(pwhash[0], request.form.get("password")) Thank you so much for the support. It hadn't occurred to me to test the check_password_hash function in isolation, doing that made me realise that I am working with a tuple. Cheers @JanL. Have a nice day.

Solved it with:

Haskell isn't Java. You're not supposed to end everything with a return. To get it to work, just change return findPass to findPass. You should also consider dropping the redundant do block and just using where instead of all of your lets.

Your code is almost right. All you need to provide the value of username as shown below.

Your are using a random salt to generate a hash. Then you try to find a hash that matches it. Of course, you will find nothing.

Instead, you should use the same hash as you used for this username. Your steps should be briefly as follows:

1. Look up for an entry using username only.
2. If not found, exit.
3. Extract the salt from the found entry.
4. Calculate hash using given password and extracted salt.
5. Compare if the calculated hash equals to the hash in the found entry.

You can use MapStruct to map from DTO to the model.

For example:

How about extending RegisterFormDTO class with fields: firstName, lastName, phoneNumber, email?

Then, your User class should have another constructor that supports more than username and password. In this case to limit the number of arguments in the constructor you can use a builder design pattern.

You can read more here: Managing constructors with many parameters in Java

And one more thing about naming convention, if your name contains uppercase shortcut that is longer than two characters you should proceed with PascalCase: RegisterDTO -> RegisterDto.

See: Java Naming Convention with Acronyms