0
0
Flaskframework~10 mins

User model with password in Flask - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Concept Flow - User model with password
Define User class
Add password field (hashed)
Create set_password method
Hash plain password
Store hashed password
Create check_password method
Compare input password hash with stored hash
Return True if match, else False
This flow shows how a User model stores a hashed password and checks it securely.
Execution Sample
Flask
from werkzeug.security import generate_password_hash, check_password_hash

class User:
    def __init__(self, username):
        self.username = username
        self.password_hash = ''
    def set_password(self, password):
        self.password_hash = generate_password_hash(password)
    def check_password(self, password):
        return check_password_hash(self.password_hash, password)
Defines a User class that hashes passwords when set and verifies passwords by comparing hashes.
Execution Table
StepActionInputPassword HashOutput
1Create User instanceusername='alice'''User object created
2Call set_passwordpassword='secret123'hash('secret123')Password hash stored
3Call check_passwordpassword='secret123'hash('secret123')True (password matches)
4Call check_passwordpassword='wrongpass'hash('secret123')False (password does not match)
5Endhash('secret123')Process complete
💡 Password check returns False when input password hash does not match stored hash
Variable Tracker
VariableStartAfter set_passwordAfter check_password(True)After check_password(False)
usernamealicealicealicealice
password_hash''hash('secret123')hash('secret123')hash('secret123')
check_password resultN/AN/ATrueFalse
Key Moments - 2 Insights
Why do we store a hashed password instead of the plain password?
Storing a hashed password protects user security. The execution_table shows the password_hash stores a hash, not the plain password, preventing exposure if the database leaks.
How does check_password know if the password is correct?
check_password hashes the input and compares it to the stored hash. The execution_table rows 3 and 4 show True when hashes match and False when they don't.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the password_hash after calling set_password with 'secret123'?
A'' (empty string)
Bsecret123
Chash('secret123')
DNone
💡 Hint
Check Step 2 in the execution_table under Password Hash column
At which step does check_password return False?
AStep 4
BStep 3
CStep 2
DStep 1
💡 Hint
Look at the Output column in execution_table for check_password calls
If we change the input password in set_password, what changes in variable_tracker?
Ausername changes
Bpassword_hash changes
Ccheck_password result changes immediately
DNothing changes
💡 Hint
See variable_tracker row for password_hash after set_password
Concept Snapshot
User model stores password securely by hashing it.
Use set_password to hash and save the password.
Use check_password to verify input against stored hash.
Never store plain passwords.
Use werkzeug.security helpers for hashing.
This protects user data if database leaks.
Full Transcript
This example shows a User class in Flask that handles passwords safely. When a password is set, it is hashed using generate_password_hash and stored in password_hash. When checking a password, check_password_hash compares the input password's hash with the stored hash. The execution table traces creating a user, setting a password, and checking it with correct and incorrect inputs. The variable tracker shows how password_hash changes after setting the password and how check_password returns True or False. Key moments clarify why hashing is important and how password verification works. The visual quiz tests understanding of password hashing and verification steps. This approach keeps user passwords safe by never storing them in plain text.