Masonite Documentation
v4.0

Hashing

Masonite provides secure hashing for storing user passwords or other data. The Bcrypt and Argon2 protocols are supported; Bcrypt is the default.

Configuration

Hashing configuration is located in the config/application.py file. In this file, you can configure which protocol to use.

config/application.py
HASHING = {
    "default": "bcrypt",
    "bcrypt": {"rounds": 10},
    "argon2": {"memory": 1024, "threads": 2, "time": 2},
}

Hashing a string

You can use the Hash facade to easily hash a string (e.g. a password):

from masonite.facades import Hash

Hash.make("secret") #== $2b$10$3Nm9sWFYhi.GUJ...

Note that you can return a hash as bytes with:

from masonite.facades import Hash

Hash.make_bytes("secret") #== b"$2b$10$3Nm9sWFYhi.GUJ..."

Checking a string matches a Hash

To check that a plain-text string corresponds to a given hash you can do:

from masonite.facades import Hash

Hash.check("secret", "$2b$10$3Nm9sWFYhi.GUJ...") #== True

Verifying a Hash needs to be re-hashed

You can determine if the work factor used by the hashing protocol has changed since the string was hashed using needs_rehash:

from masonite.facades import Hash

Hash.needs_rehash("$2b$10$3Nm9sWFYhi.GUJ...") #== True

Options

You can change the hashing protocol configuration on the fly for all Hash methods:

from masonite.facades import Hash

Hash.make("secret", options={"rounds": 5})

You can also change the protocol on the fly:

from masonite.facades import Hash

Hash.make("secret", driver="argon2", options={"memory": 512, "threads": 8, "time": 2})

Last updated 2 years ago