Welcome to the Treehouse Community

The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.

Python Flask REST API API Protection Password hashing

Great! Now, add a staticmethod to User that returns a hashed password. Name it hash_password and have it take a single a

Not sure what is wrong with my code, or maybe I'm not understanding the question. Flask REST API password hashing challenge challenge 2 of 3. https://teamtreehouse.com/library/flask-rest-api/api-protection/password-hashing

Great! Now, add a staticmethod to User that returns a hashed password. Name it hash_password and have it take a single argument, the password to hash. Hash the password using HASHER's 'hash' method and return it.

models.py
import datetime

from peewee import *

from argon2 import PasswordHasher
from itsdangerous import (TimedJSONWebSignatureSerializer as Serializer,
                          BadSignature, SignatureExpired)

DATABASE = SqliteDatabase('recipes.db')

HASHER = PasswordHasher()


class User(Model):
    username = CharField(unique=True)
    password = CharField()


    class Meta:
        database = DATABASE

    @classmethod
    def create_user(cls, username, password):
        try:
            cls.get(cls.username**username)
        except cls.DoesNotExist:
            user = cls(username=username)
            # TODO: hash user password here?
            user.password = user.set_password(password)
            user.save()
            return user
        else:
            raise Exception("User already exists") 

    @staticmethod
    def set_password(password):
        return Hasher.hash(password)

    def verify_passowrd(self, password):
        return Hasher.verify(self.password, password)


class Recipe(Model):
    name = CharField()
    created_at = DateTimeField(default=datetime.datetime.now)

    class Meta:
        database = DATABASE


class Ingredient(Model):
    name = CharField()
    description = CharField()
    quantity = DecimalField()
    measurement_type = CharField()
    recipe = ForeignKeyField(Recipe)

    class Meta:
        database = DATABASE


def initialize():
    DATABASE.connect()
    DATABASE.create_tables([User, Recipe, Ingredient], safe=True)
    DATABASE.close()

1 Answer

Chris Freeman
MOD
Chris Freeman
Treehouse Moderator 67,636 Points

Two specific issues:

  • name method hash_password
  • call the HASHER.hash() method

Post back if you need more help. Good luck!