Bootstrap FreeKB - Flask - Resolve "The 'sha256' password method is deprecated and will be removed in Werkzeug 3.0. Migrate to the 'scrypt' method."
Flask - Resolve "The 'sha256' password method is deprecated and will be removed in Werkzeug 3.0. Migrate to the 'scrypt' method."

Updated:   |  Flask articles

Let's say something like this is being returned.

UserWarning: The 'sha256' password method is deprecated and will be removed in Werkzeug 3.0. Migrate to the 'scrypt' method.

 

I first got this when using werkzeug.securitty generate_password_hash, perhaps something like this. Notice in this example that generate_password_hash has method='sha256'.

from flask import Blueprint, render_template
from sqlalchemy import func
from . import db
from .models import users
from werkzeug.security import generate_password_hash

views = Blueprint('views', __name__)

@views.route('/')
def home():
    data = users(
        username='john.doe',
        password=generate_password_hash('itsasecret', method='sha256'),
        date_updated=func.now()
    )
    db.session.add(data)
    db.session.commit()
    return render_template('home.html')

 

Simply replace sha256 with scrypt.

from flask import Blueprint, render_template
from sqlalchemy import func
from . import db
from .models import users
from werkzeug.security import generate_password_hash

views = Blueprint('views', __name__)

@views.route('/')
def home():
    data = users(
        username='john.doe',
        password=generate_password_hash('itsasecret', method='scrypt'),
        date_updated=func.now()
    )
    db.session.add(data)
    db.session.commit()
    return render_template('home.html')

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


August 15 2024 by Herbert Janes
Flask Python app....I have changed to scrypt when generating new passwords and it works fine. However, I'm getting the "UserWarning: The 'sha256' password method is deprecated and will be removed in Werkzeug 3.0. Migrate to the 'scrypt' method." on login. How to eliminate this message?

August 16 2024 by Jeremy (moderator)
This probably means that the password stored in the database was created using sha256 instead of scrypt. After updating generate_password_hash method to scrypt you would then want to have users reset their password so that their password gets updated from sha256 to scrypt. I had to add an if / else statement to my authentication code to display some friendly message like "oh no, it looks like your password needs to be reset" if the password in the database was sha256 instead of scrypt.

Add a Comment


Please enter 368f5f in the box below so that we can be sure you are a human.