Challenge - 5 Problems

🎖️

User Model Password Master

Get all challenges correct to earn this badge!

Test your skills under time pressure!

❓ component_behavior

intermediate

1:30remaining

What is the output of this Flask User model password check?

Given this User model code snippet, what will user.check_password('secret') return?

Flask

from werkzeug.security import generate_password_hash, check_password_hash

class User:
    def __init__(self, username, password):
        self.username = username
        self.password_hash = generate_password_hash(password)

    def check_password(self, password):
        return check_password_hash(self.password_hash, password)

user = User('alice', 'secret')
result = user.check_password('secret')

ANone

BTrue

CFalse

DRaises TypeError

Attempts:

2 left

📝 Syntax

intermediate

1:30remaining

Which option correctly defines a password setter in a Flask User model?

You want to set a password that stores a hashed version in password_hash. Which code snippet correctly implements this?

Flask

from werkzeug.security import generate_password_hash

class User:
    def __init__(self):
        self.password_hash = ''

    # password setter here

    def password(self, password):
        self.password_hash = generate_password_hash(password)

    def set_password(self, password):
        self.password_hash = generate_password_hash(password)

    @property
    def password(self):
        return self.password

    @password.setter
    def password(self, password):
        self.password_hash = generate_password_hash(password)

    @property
    def password(self):
        return self.password_hash

    @password.setter
    def password(self, password):
        self.password_hash = generate_password_hash(password)

Attempts:

2 left

🔧 Debug

advanced

2:00remaining

Why does this Flask User model password check always return False?

Examine this code and find why user.check_password('secret') returns False even though the password is correct.

Flask

from werkzeug.security import generate_password_hash, check_password_hash

class User:
    def __init__(self, username, password):
        self.username = username
        self.password = password

    def check_password(self, password):
        return check_password_hash(self.password, password)

user = User('bob', 'secret')
result = user.check_password('secret')

AThe password is stored unhashed in self.password, so check_password_hash fails.

BThe check_password method has wrong argument order in check_password_hash.

CThe password attribute is missing a setter to hash the password.

DThe username attribute conflicts with password hashing.

Attempts:

2 left

❓ state_output

advanced

1:30remaining

What is the value of user.password_hash after setting password?

Given this User model, what will user.password_hash contain after user.password = 'mypassword'?

Flask

from werkzeug.security import generate_password_hash

class User:
    def __init__(self):
        self.password_hash = ''

    @property
    def password(self):
        raise AttributeError('Password is write-only')

    @password.setter
    def password(self, password):
        self.password_hash = generate_password_hash(password)

user = User()
user.password = 'mypassword'
result = user.password_hash

AA string starting with 'pbkdf2:sha256:' representing the hashed password

BThe plain text string 'mypassword'

CRaises AttributeError

DAn empty string ''

Attempts:

2 left

🧠 Conceptual

expert

1:30remaining

Which statement best explains why storing plain passwords in a Flask User model is insecure?

Why should you never store plain text passwords directly in a User model in Flask?

AFlask automatically hashes passwords, so manual hashing is redundant.

BStoring plain passwords uses more database space than hashed passwords.

CPlain passwords can be stolen if the database is compromised, so hashing protects user data.

DPlain passwords cause syntax errors in Flask models.

Attempts:

2 left