This Flask application demonstrates user authentication and authorization using methods such as Basic Auth, Bearer Tokens, and bcrypt for password hashing.
This project showcases user authentication and authorization features implemented in a Flask application. It includes functionalities for user sign-up, login, and access control to protected routes.
- Clone the Repository:
git clone https://github.com/VineetDabholkar2002.git
- Navigate to the Project Directory:
cd App
- Install Dependencies:
pip install -r requirements.txt
- Run the Application:
python BasicAuth.py
- Access the Application:
Open your web browser and navigate to http://localhost:8080.
- app.py: Contains the Flask application logic, routes, and authentication functionalities.
- templates/: Directory containing HTML templates for login, signup, and main pages.
- users.json: File storing user information, including hashed passwords and salts.
- Sign Up:
  - Visit /signup to create a new account with a unique username and password.
- Login:
  - Use /login to log in using Basic Auth.
- Protected Route:
  - Access /main after successful login to view protected content (in this case you will be routed to Google.com). Unauthorized access will display an error message.
- Authentication Tokens:
  - Bearer Tokens are generated and verified for user authentication during login. They can also be set to expire after a certain period of time.
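The following is an added example, not code from this project, of issuing and verifying an expiring bearer token as described under Authentication Tokens, using an HMAC-SHA256 signature from the Python standard library. The token layout, `SECRET_KEY`, `TOKEN_TTL_SECONDS` and all function names are assumptions; this page does not show how the application builds its tokens.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumptions: key generated per process and a 15-minute lifetime; a real
# deployment would load a persistent key from protected configuration.
SECRET_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 900


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign(payload):
    mac = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256)
    return b64url(mac.digest())


def issue_token(username, now=None, ttl=TOKEN_TTL_SECONDS):
    """Return '<payload>.<signature>' carrying the user and an expiry time."""
    now = time.time() if now is None else now
    claims = {"sub": username, "exp": int(now) + ttl}
    payload = b64url(json.dumps(claims).encode())
    return payload + "." + sign(payload)


def verify_token(token, now=None):
    """Return the username for a valid, unexpired token, otherwise None."""
    now = time.time() if now is None else now
    try:
        payload, signature = token.split(".")
        # Constant-time comparison, done before parsing client-supplied data.
        if not hmac.compare_digest(signature, sign(payload)):
            return None
        padded = payload + "=" * (-len(payload) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except (AttributeError, TypeError, ValueError):
        return None  # malformed, non-ASCII or non-string input
    return claims["sub"] if now < claims["exp"] else None


def token_from_header(value):
    """Extract the token from an 'Authorization: Bearer <token>' value."""
    scheme, _, token = (value or "").partition(" ")
    token = token.strip()
    return token if scheme.lower() == "bearer" and token else None
```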
This application utilizes bcrypt for secure password hashing and storage:
- bcrypt is a password-hashing function designed to securely hash passwords for storage.
- It employs a strong one-way hashing algorithm, making it computationally intensive and thereby resistant to brute-force attacks.
- It generates a salted hash of the password, making each hash unique and preventing rainbow table attacks.
- The computational intensity helps mitigate password cracking attempts by slowing down the hashing process.
- Bcrypt's resistance to brute-force attacks and its adaptive nature (allowing for increasing computational complexity over time) make it a preferred choice for secure password hashing.