What is User model with password in Flask?

Flaskframework~5 mins

User model with password in Flask

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Introduction

We create a user model with a password to safely store user login details. This helps keep user accounts secure.

When building a website that requires users to sign up and log in.

When you want to protect user passwords by not saving them as plain text.

When you need to check if a user's password is correct during login.

When managing user accounts in a Flask web application.

Syntax

Flask

from flask_sqlalchemy import SQLAlchemy
from werkzeug.security import generate_password_hash, check_password_hash

db = SQLAlchemy()

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    password_hash = db.Column(db.String(128), nullable=False)

    def set_password(self, password):
        self.password_hash = generate_password_hash(password)

    def check_password(self, password):
        return check_password_hash(self.password_hash, password)

The password is never saved directly. Instead, a hashed version is stored.

Use set_password to save a password and check_password to verify it.

Examples

Create a new user and save a hashed password to the database.

Flask

user = User(username='alice')
user.set_password('mypassword123')
db.session.add(user)
db.session.commit()

Check if the entered password matches the stored hashed password.

Flask

user = User.query.filter_by(username='alice').first()
if user and user.check_password('mypassword123'):
    print('Login successful')
else:
    print('Login failed')

Sample Program

This Flask app creates a user model, saves a hashed password, and checks it. It uses an in-memory database for simplicity.

Flask

from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from werkzeug.security import generate_password_hash, check_password_hash

app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///:memory:'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False

db = SQLAlchemy(app)

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    password_hash = db.Column(db.String(128), nullable=False)

    def set_password(self, password):
        self.password_hash = generate_password_hash(password)

    def check_password(self, password):
        return check_password_hash(self.password_hash, password)

with app.app_context():
    db.create_all()

    # Create user
    user = User(username='bob')
    user.set_password('secret123')
    db.session.add(user)
    db.session.commit()

    # Verify password
    user_check = User.query.filter_by(username='bob').first()
    if user_check and user_check.check_password('secret123'):
        print('Password is correct')
    else:
        print('Password is incorrect')

OutputSuccess

Important Notes

Never store passwords as plain text to keep user data safe.

Use werkzeug.security functions to hash and check passwords easily.

Always test password checking to avoid login errors.

Summary

User models store usernames and hashed passwords.

Use set_password to hash and save passwords.

Use check_password to verify passwords during login.