H
Homarr8mo ago
Gojo

Issue with python password encryption

so i am trying to create a user using python directly entering a user enter into db but on that my auth fails 
salt = bcrypt.gensalt(10)
hashed_password = bcrypt.hashpw(password.encode('utf-8'), salt)
user_id = uuid.uuid4()
cursor.execute('''INSERT INTO users (id, name, email, password, salt, isAdmin, isOwner)VALUES (?, ?, ?, ?, ?, ?, ?)''',(user_id, username, None, hashed_password, salt, True, True))
salt = bcrypt.gensalt(10)
hashed_password = bcrypt.hashpw(password.encode('utf-8'), salt)
user_id = uuid.uuid4()
cursor.execute('''INSERT INTO users (id, name, email, password, salt, isAdmin, isOwner)VALUES (?, ?, ?, ?, ?, ?, ?)''',(user_id, username, None, hashed_password, salt, True, True))
This how my code looks like is not possible to hash password via python i think hashing is correct but docker logs show no error what reason of fail auth hope you can point me to right direction. 🙂
25 Replies
Cakey Bot
Cakey Bot8mo ago
Thank you for submitting a support request. Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment: - Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log) - Operating system (Unraid, TrueNAS, Ubuntu, ...) - Exact Homarr version (eg. 0.15.0, not latest) - Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format) - Other relevant information (eg. your devices, your browser, ...)
❓ Frequently Asked Questions | Homarr documentation
Can I install Homarr on a Raspberry Pi?
Manicraft1001
Manicraft10018mo ago
Hi, we do not provide support for your own code. Have you considered to use the Homarr API?
Gojo
Gojo8mo ago
Where can i find docs for that? I mean homarr API and i just wanted to confirm that encryption is correct or not ?😅 If you can point to homarr API docs that would be great too 🙂
Manicraft1001
Manicraft10018mo ago
You can find the docs in the management pages of your app @Gojo Under "tools"
Gojo
Gojo8mo ago
Thank you i will look into it 😄 is there a way to check why auth is failing some logs or something ?
Manicraft1001
Manicraft10018mo ago
Authentication failures will result in 401 or 403 on the API and a log message Can I mark this as resolved?
Gojo
Gojo8mo ago
yeah sure 🙂 Thank you for your help :d I have a question so basically i want to create a admin user without interacting with UI so what i am doing is using python to create a admin user directly in DB in user table and i checked encryption is correct from online tools that password is encrypting correctly but still i can't login is there a way to create first time admin user without interacting through UI?
Manicraft1001
Manicraft10018mo ago
Using the API @Gojo
Gojo
Gojo8mo ago
But for that i need auth token right? And db don't have a auth token until user is created if i am not mistaken please correct me if i am wrong and sorry for all the trouble
Manicraft1001
Manicraft10018mo ago
Yes, correct Have you tried restarting Homarr after you edit the dB?
Gojo
Gojo8mo ago
Yes still no luck :/
Manicraft1001
Manicraft10018mo ago
Does it actually write to the DB?
Gojo
Gojo8mo ago
Yes checked db manually If u want i can show u the entries
Manicraft1001
Manicraft10018mo ago
Yes please do Also, does the library you use work the same? It must encrypt the same way for this to work
Gojo
Gojo8mo ago
I checked using online bycrypt tools so encryption is corrected and after good its almost same
Manicraft1001
Manicraft10018mo ago
"almost" is not the same lol So your code is incorrect. Hence Homarr is unable to compare the hashes.
Gojo
Gojo8mo ago
 sqlite3 db.sqlite "select * from user";
cce765e1-bf9e-4d99-afc0-d8dfd3e7924e|luffy||||$2b$10$zvcm/lGn1H9xwzcHEd0CxuyI/CXKB6lYUuR5cwDwcpIsN.ZCOOc2C|$2b$10$zvcm/lGn1H9xwzcHEd0Cxu|1|1
 sqlite3 db.sqlite "select * from user";
cce765e1-bf9e-4d99-afc0-d8dfd3e7924e|luffy||||$2b$10$zvcm/lGn1H9xwzcHEd0CxuyI/CXKB6lYUuR5cwDwcpIsN.ZCOOc2C|$2b$10$zvcm/lGn1H9xwzcHEd0Cxu|1|1
this is my entry in db
Manicraft1001
Manicraft10018mo ago
Yes, looks good but I cannot know whether the hash is fine or not from looking at it. You said that it's different than when you build it using Homarr? How did you test that? It should be quite clear that if the hash is different, login will refuse to work.
Gojo
Gojo8mo ago
Online bycrypt tool
Manicraft1001
Manicraft10018mo ago
Yes but how? What do you encrypt? How do you compare? What salt are you using?
Gojo
Gojo8mo ago
So that tool allow u to check bycrypted hash with orginam string if they are same they return a 200
Manicraft1001
Manicraft10018mo ago
Let me ask you again: 
Yes but how? What do you encrypt? How do you compare? What salt are you using?
Yes but how? What do you encrypt? How do you compare? What salt are you using?
I am volunteering to help you. Please help me by providing information. You did not answer my questions. I am unable to help you debug when you don't answer them Do you simply not know how this "online checker" handles encryption? Then please say that
Gojo
Gojo8mo ago
No i am not sure how they does Sorry its online site so i am aware how they check it
Manicraft1001
Manicraft10018mo ago
It's important to understand such things when programming. We do the encryption like this: https://github.com/ajnart/homarr/blob/1cc4ae5c03b2829f9eb0fa032330a460e2de6587/src/server/api/routers/user.ts#L434 I suggest you to use a bcrypt library and attempt to do the same. - Generate a salt with 10 rounds - Hash the cleartext password using said salt - Store both in the database - Restart Homarr
GitHub
homarr/src/server/api/routers/user.ts at 1cc4ae5c03b2829f9eb0fa0323...
Customizable browser's home page to interact with your homeserver's Docker containers (e.g. Sonarr/Radarr) - ajnart/homarr
Gojo
Gojo8mo ago
Thank u i will give it a try
Want results from more Discord servers?
Add your server