Homarr•2y ago

Issue with python password encryption

so i am trying to create a user using python directly entering a user enter into db but on that my auth fails

salt = bcrypt.gensalt(10)
hashed_password = bcrypt.hashpw(password.encode('utf-8'), salt)
user_id = uuid.uuid4()
cursor.execute('''INSERT INTO users (id, name, email, password, salt, isAdmin, isOwner)VALUES (?, ?, ?, ?, ?, ?, ?)''',(user_id, username, None, hashed_password, salt, True, True))

salt = bcrypt.gensalt(10)
hashed_password = bcrypt.hashpw(password.encode('utf-8'), salt)
user_id = uuid.uuid4()
cursor.execute('''INSERT INTO users (id, name, email, password, salt, isAdmin, isOwner)VALUES (?, ?, ?, ?, ?, ?, ?)''',(user_id, username, None, hashed_password, salt, True, True))

This how my code looks like is not possible to hash password via python i think hashing is correct but docker logs show no error what reason of fail auth hope you can point me to right direction.

Cakey Bot•3/14/24, 1:58 PM

Thank you for submitting a support request.

Depending on the volume of requests, our team should get in contact with you shortly.

Please include the following details in your post or we may reject your request without further comment:

Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log)
Operating system (Unraid, TrueNAS, Ubuntu, ...)
Exact Homarr version (eg. 0.15.0, not latest)
Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format)
Other relevant information (eg. your devices, your browser, ...)

❓ Frequently Asked Questions | Homarr documentation

Can I install Homarr on a Raspberry Pi?

Manicraft1001•3/14/24, 2:09 PM

Hi, we do not provide support for your own code.
Have you considered to use the Homarr API?

GojoOP•3/14/24, 2:44 PM

Where can i find docs for that?

GojoOP•3/14/24, 2:45 PM

I mean homarr API and i just wanted to confirm that encryption is correct or not ?

GojoOP•3/14/24, 2:46 PM

If you can point to homarr API docs that would be great too

Manicraft1001•3/14/24, 2:57 PM

You can find the docs in the management pages of your app @Gojo

Manicraft1001•3/14/24, 2:57 PM

Under "tools"

GojoOP•3/14/24, 4:05 PM

Thank you i will look into it

GojoOP•3/14/24, 4:06 PM

is there a way to check why auth is failing some logs or something ?

Manicraft1001•3/14/24, 4:10 PM

Authentication failures will result in 401 or 403 on the API and a log message

Manicraft1001•3/14/24, 4:10 PM

Can I mark this as resolved?

GojoOP•3/14/24, 4:20 PM

yeah sure

GojoOP•3/14/24, 4:20 PM

Thank you for your help :d

GojoOP•3/15/24, 5:48 AM

I have a question so basically i want to create a admin user without interacting with UI so what i am doing is using python to create a admin user directly in DB in user table and i checked encryption is correct from online tools that password is encrypting correctly but still i can't login is there a way to create first time admin user without interacting through UI?

Manicraft1001•3/15/24, 6:34 AM

Using the API @Gojo

GojoOP•3/15/24, 6:34 AM

But for that i need auth token right?

GojoOP•3/15/24, 6:35 AM

And db don't have a auth token until user is created if i am not mistaken please correct me if i am wrong and sorry for all the trouble

Manicraft1001•3/15/24, 6:36 AM

Yes, correct

Manicraft1001•3/15/24, 6:36 AM

Have you tried restarting Homarr after you edit the dB?

GojoOP•3/15/24, 6:36 AM

Yes still no luck :/

Manicraft1001•3/15/24, 6:36 AM

Does it actually write to the DB?

GojoOP•3/15/24, 6:36 AM

Yes checked db manually

GojoOP•3/15/24, 6:37 AM

If u want i can show u the entries

Manicraft1001•3/15/24, 6:38 AM

Yes please do

Manicraft1001•3/15/24, 6:39 AM

Also, does the library you use work the same? It must encrypt the same way for this to work

GojoOP•3/15/24, 6:40 AM

I checked using online bycrypt tools so encryption is corrected and after good its almost same

Manicraft1001•3/15/24, 6:40 AM

"almost" is not the same lol

Manicraft1001•3/15/24, 6:40 AM

So your code is incorrect. Hence Homarr is unable to compare the hashes.

GojoOP•3/15/24, 6:41 AM

this is my entry in db

Manicraft1001•3/15/24, 6:43 AM

Yes, looks good but I cannot know whether the hash is fine or not from looking at it. You said that it's different than when you build it using Homarr? How did you test that? It should be quite clear that if the hash is different, login will refuse to work.

GojoOP•3/15/24, 6:44 AM

Online bycrypt tool

Manicraft1001•3/15/24, 6:45 AM

Yes but how? What do you encrypt? How do you compare? What salt are you using?

GojoOP•3/15/24, 6:45 AM

So that tool allow u to check bycrypted hash with orginam string if they are same they return a 200

Manicraft1001•3/15/24, 6:47 AM

Let me ask you again:

I am volunteering to help you. Please help me by providing information. You did not answer my questions. I am unable to help you debug when you don't answer them

Manicraft1001•3/15/24, 6:48 AM

Do you simply not know how this "online checker" handles encryption? Then please say that

GojoOP•3/15/24, 6:48 AM

No i am not sure how they does

GojoOP•3/15/24, 6:49 AM

Sorry its online site so i am aware how they check it

Manicraft1001•3/15/24, 6:55 AM

It's important to understand such things when programming.
We do the encryption like this: https://github.com/ajnart/homarr/blob/1cc4ae5c03b2829f9eb0fa032330a460e2de6587/src/server/api/routers/user.ts#L434

I suggest you to use a bcrypt library and attempt to do the same.

Generate a salt with 10 rounds
Hash the cleartext password using said salt
Store both in the database
Restart Homarr

GitHub

homarr/src/server/api/routers/user.ts at 1cc4ae5c03b2829f9eb0fa0323...

Customizable browser's home page to interact with your homeserver's Docker containers (e.g. Sonarr/Radarr) - ajnart/homarr

GojoOP•3/15/24, 6:59 AM

Thank u i will give it a try

Thank you for submitting a support request.

Depending on the volume of requests

, our team should get in contact with you shortly

Please include the following details in your post or we may reject your request without further comment:

Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log)
Operating system (Unraid, TrueNAS, Ubuntu, ...)
Exact Homarr version (eg. 0.15.0, not latest)
Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format)
Other relevant information (eg. your devices, your browser, ...)