flask-bcrypt - ValueError: Invalid salt

北海茫月 2020-12-29 07:57

I was finishing up a simple user login with Flask and flask-Bcrypt. However, when trying to log in with a user that is stored in my database, I keep getting this error

11 answers
  •  小蘑菇 (original poster)
    2020-12-29 08:48

    It appears that this exception will also be returned if anything goes wrong while hashing a password.

    From the bcrypt source for hashpw():

    hashed = _bcrypt.ffi.new("unsigned char[]", 128)
    retval = _bcrypt.lib.crypt_rn(password, salt, hashed, len(hashed))
    
    if not retval:
        raise ValueError("Invalid salt")
    

    The bcrypt package (which Flask-Bcrypt uses to get the work done) returns ValueError: Invalid salt whenever the call to the OS's bcrypt lib returns an error. So if for some reason it is unable to invoke the bcrypt lib at all, it will still (incorrectly) return the Invalid salt error.

    Seems to be a flaw in the bcrypt package implementation - it should check for specific values of retval.


    In my case, the error turned out to be related to running Flask under Apache mod_wsgi in a virtualenv. I could run flask directly without problems (using flask-cli), but the exact same app instance wouldn't successfully use bcrypt when running under mod_wsgi.

    The problem was solved by modifying my Apache config to use the virtualenv as the main Python environment for mod_wsgi.

    In httpd.conf or under /etc/httpd/conf.d/... add:

    WSGIPythonHome /path/to/my/application-virtualenv
    

    More information about this configuration can be found here: Virtual Environments — mod_wsgi documentation

    I still suspect that my particular problem is related to something being shadowed by my system's python site-packages, or something else related to python includes.


    Edit: Setting WSGIPythonHome turned out not to fix the problem. In the end I switched to uWSGI with nginx.
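
Since the same "Invalid salt" message is raised whatever went wrong, a first step is to rule out the stored value itself before looking at the runtime environment. The check below is an added example, not code from this thread or from bcrypt/Flask-Bcrypt: `diagnose_bcrypt_hash` is a hypothetical helper, the sample values are constructed, and it assumes the standard 60-character `$2b$NN$` hash layout.

```python
import re

# Assumed layout: $2<a|b|x|y>$<2-digit cost>$<22-char salt><31-char digest> = 60 chars
_PREFIX = re.compile(rb"\$2[abxy]\$")
_FULL = re.compile(rb"\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}")


def diagnose_bcrypt_hash(stored):
    """Return the reasons `stored` is not a well-formed bcrypt hash ([] if it is)."""
    if stored is None:
        return ["no hash stored"]
    if isinstance(stored, str):
        try:
            stored = stored.encode("ascii")
        except UnicodeEncodeError:
            return ["non-ASCII characters in stored value"]
    problems = []
    stripped = stored.strip()
    if stripped != stored:
        # e.g. a fixed-width CHAR column padding the value with spaces
        problems.append("surrounding whitespace")
    if not _PREFIX.match(stripped):
        # plaintext, another hash scheme, or a mangled value
        problems.append("no $2a$/$2b$/$2x$/$2y$ prefix")
        return problems
    if len(stripped) != 60:
        # e.g. a column too short to hold the whole hash
        problems.append("length %d, expected 60" % len(stripped))
        return problems
    match = _FULL.fullmatch(stripped)
    if match is None:
        problems.append("malformed cost field or characters outside ./A-Za-z0-9")
    elif not 4 <= int(match.group(1)) <= 31:
        problems.append("cost %s outside 04-31" % match.group(1).decode())
    return problems


if __name__ == "__main__":
    # Constructed placeholder with the right shape; not a real password hash.
    well_formed = "$2b$12$" + "A" * 53
    for sample in (well_formed, well_formed + "  ", well_formed[:45], "hunter2", None):
        print(repr(sample), "->", diagnose_bcrypt_hash(sample) or "well-formed")
```

An empty result means the stored value has the expected shape, which points the investigation at the environment (as in the answer above) rather than at the database.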
