Which of the following code snippets correctly implements this functionality considering best practices?
FastAPI - Authentication and Security
You want to create a FastAPI endpoint that accepts a user's plain password, hashes it with bcrypt, and stores it securely. Which of the following code snippets correctly implements this functionality considering best practices?
Step 1: Check correct use of passlib CryptContext and hashing

    from fastapi import FastAPI
    from passlib.context import CryptContext

    app = FastAPI()
    pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")

    @app.post("/register")
    async def register(password: str):
        hashed_password = pwd_context.hash(password)
        # Store hashed_password securely
        return {"msg": "User registered"}

This snippet correctly imports CryptContext with deprecated="auto" and hashes the plain string password.

Step 2: Validate FastAPI endpoint and parameter types

    from fastapi import FastAPI
    from passlib.context import CryptContext

    app = FastAPI()
    pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")

    @app.post("/register")
    async def register(password: str):
        hashed_password = pwd_context.hash(password)
        # Store hashed_password securely
        return {"msg": "User registered"}

This snippet uses async def with password as str, which is standard for FastAPI input. It hashes the password and marks with a comment where the hash is to be stored securely.

Step 3: Compare other options for errors

    from fastapi import FastAPI
    import bcrypt

    app = FastAPI()

    @app.post("/register")
    def register(password: str):
        hashed_password = bcrypt.hashpw(password, bcrypt.gensalt())
        return {"hashed": hashed_password}

This snippet uses the bcrypt module incorrectly, passing str instead of bytes.

    from fastapi import FastAPI
    from passlib.context import CryptContext

    app = FastAPI()
    pwd_context = CryptContext(schemes=["bcrypt"])

    @app.post("/register")
    async def register(password: str):
        hashed_password = pwd_context.hash(password.encode())
        return {"msg": "Password hashed"}

This snippet hashes password.encode() but misses deprecated="auto".

    from fastapi import FastAPI
    from passlib.context import CryptContext

    app = FastAPI()
    pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")

    @app.post("/register")
    async def register(password: bytes):
        hashed_password = pwd_context.hash(password)
        return {"msg": "User registered"}

This snippet expects bytes input, which is unusual for FastAPI JSON input.

Final Answer:

    from fastapi import FastAPI
    from passlib.context import CryptContext

    app = FastAPI()
    pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")

    @app.post("/register")
    async def register(password: str):
        hashed_password = pwd_context.hash(password)
        # Store hashed_password securely
        return {"msg": "User registered"}

-> Option A

Quick Check:
Use passlib CryptContext with str input and deprecated="auto" [OK]
Quick Trick: Use passlib CryptContext with str password and deprecated="auto" [OK]
Common Mistakes:
Using bcrypt module directly with wrong input types
Omitting deprecated="auto" in CryptContext
Accepting password as bytes instead of str in FastAPI