使用werkzeug 实现密码散列
from werkzeug.security import generate_password_hash,check_password_hash class User(db.Model): __tablename__ = 'users' id = db.Column(db.Integer, primary_key=True) username = db.Column(db.String(64), unique=True,index=True) role_id=db.Column(db.Integer,db.ForeignKey('roles.id')) password_hash=db.Column(db.String(128)) @property def password(self): raise AttributeError('密码不是一个可读属性') #只写属性 @password.setter def password(self,password): self.password_hash = generate_password_hash(password) def verify_password(self,password): return check_password_hash(self.password_hash,password) def __repr__(self): return '<User %r>' % self.username
密码散列化测试tests/test_url_model.py
#!/usr/bin/env python # -*- coding:utf-8 -*- import unittest from app.models import User class UserModelTestCase(unittest.TestCase): def test_password_setter(self): u = User(password='cat') self.assertTrue(u.password_hash is not None) def test_no_password_getter(self): u = User(password='cat') with self.assertRaises(AttributeError): u.password def test_password_verification(self): u = User(password='cat') self.assertTrue(u.verify_password('cat')) self.assertFalse(u.verify_password('dog')) def test_password_salts_are_random(self): u =User(password='cat') u2=User(password='cat') self.assertTrue(u.password_hash != u2.password_hash)