Flask-Hashing¶
Flask-Hashing is a Flask extension that provides an easy way to hash data and check a hash of a value against a given hash. Flask-Hashing uses hashlib to actually hash data.
The main use case for hashing in web applications is for user passwords. But because an application may have a different need for a hash function, this extension’s naming choices are not password-specific.
Installation¶
Install Flask-Hashing with either of the following commands::
$ easy_install flask-hashing
$ pip install flask-hashing
Usage¶
Initialize the extension as follows::
from flask import Flask
from flask.ext.hashing import Hashing
app = Flask(__name__)
hashing = Hashing(app)
After creating an instance of Hashing, we can hash data and check hashes of data as follows::
h = hashing.hash_value('secretdata', salt='abcd')
if hashing.check_value(h, 'secretdata', salt='abcd'):
# do some stuff because the hashes are equal
And that is all there is to it!
API¶
-
class
flask.ext.hashing.
Hashing
(app=None)¶ An extension that provides easy hashing and comparing of hashes to a Flask application. This extension uses the standard library
hashlib
to allow access to any available hash functions on the system via OpenSSL, depending on your version of Python in use. Thehashlib
module guarantees access tomd5
,sha1
,sha224
,sha256
,sha384
, andsha512
.To begin using this extension you must first wrap the application.:
from flask import Flask from flask.ext.hashing import Hashing app = Flask(__name__) hashing = Hashing(app)
If you prefer to use the factory pattern you can also use :class: as follows::
from flask import Flask from flask.ext.hashing import Hashing hashing = Hashing() # do some stuff app = create_app() hashing.init_app(app)
If you would like to customize your instance of :class:, you may specify values for HASHING_METHOD and HASHING_ROUNDS in the Flask application configuration. HASHING_METHOD defaults to
sha256
and HASHING_ROUNDS defaults to 1. If you are using anything less than Python 2.7.9 you will only have the guaranteed functions provided byhashlib
. Python 2.7.9 or higher allows access to OpenSSL hash functions. The name you supply to HASHING_METHOD must be valid tohashlib
. To get a list of valid names, supply a random string to HASHING_METHOD and check the output when initializing your application (it raises and exception), or checkhashlib.algorithms
for Python 2.7.8 or less, orhashlib.algorithms_available
if using Python 2.7.9+.-
check_value
(value_hash, value, salt='')¶ Checks the specified hash value against the hash of the provided salt and value.
An example usage of
check_value
would be:val_hash = hashing.hash_value('mysecretdata', salt='abcd') if hashing.check_value(val_hash, 'mysecretdata', salt='abcd'): # do something special
Parameters: - value_hash – The hash value to check against
- value – The value we want hashed to compare
- salt – The salt to use when generating the hash of
value
. Default is ‘’.
Returns: True if equal, False otherwise
Return type: bool
-
hash_value
(value, salt='')¶ Hashes the specified value combined with the specified salt. The hash is done HASHING_ROUNDS times as specified by the application configuration.
An example usage of :class:
hash_value
would be:val_hash = hashing.hash_value('mysecretdata', salt='abcd') # save to a db or check against known hash
Parameters: - value – The value we want hashed
- salt – The salt to use when generating the hash of
value
. Default is ‘’.
Returns: The resulting hash as a string
Return type: str
-
init_app
(app)¶ Initializes the Flask application with this extension. It grabs the necessary configuration values from
app.config
, those being HASHING_METHOD and HASHING_ROUNDS. HASHING_METHOD defaults tosha256
but can be any one ofhashlib.algorithms
. HASHING_ROUNDS specifies the number of times to hash the input with the specified algorithm. This defaults to 1.Parameters: app – Flask application object
-