Ok I tried to convert the password into a password hash prior to storing it into the session, however, I am getting this error:

AttributeError: module 'hashlib' has no attribute 'pbkdf2_hmac'

Here is my code:
import hashlib

`def generateKeyDict(username, password, *salt):
if username is None or len(username.strip()) == 0:
raise TypeError('Username not provided')

if password is None or len(password.strip()) == 0:raise TypeError('Password not provided')keyDict = {}    if salt is None:  salt = os.urandom(RANDOM_LIMIT) # 16keyDict['username'] = username.strip()keyDict['hash_algo'] = HASH_ALGO # ""keyDict['iterations'] = ITERATIONS # 100000keyDict['salt'] = salthashValue = hashlib.pbkdf2_hmac(SHA_256, password.encode(UTF_8), salt, ITERATIONS)keyDict['password_hash'] = salt + hashValuereturn keyDict`

Not sure what is going on here, unless hashlib.pbkdf2_hmac is incorrect in spite ofhttps://www.askpython.com/python/examples/storing-retrieving-passwords-securely

Also, please ignore the indentations; this editor is creating them in spite of my using tabs to do so in my IDE

Thanks

Also, for this particular web portal, for now, there is only one user, and there are no plans for additional ones, hence the session with the password hash and not a database for multiple users

I now keep getting the error

No such attribute 'pbkdf2_hmac'

Each time I try to use it in PyScript to encode my password securely prior to storing it.

I don't know what to do.

`def generateKeyDict(username, password, *salt):
if username is None or len(username.strip()) == 0:
raise TypeError('Username not provided')

if password is None or len(password.strip()) == 0:raise TypeError('Password not provided')keyDict = {}if salt is None or len(salt) == 0:salt = os.urandom(RANDOM_LIMIT)keyDict['username'] = username.strip()keyDict['salt'] = saltprint(type(password.encode(UTF_8)))print(type(salt))hashValue = hashlib.pbkdf2_hmac(SHA_256, password.encode(UTF_8), salt * 2, ITERATIONS)#hashValueTuple = hashlib.sha256(salt + password.encode())keyDict['password_hash'] = salt + hashValuereturn keyDict`

This conversation is not going forward well ... I've asked how you are storing credentials and you are showing me errors unrelated to this project ... how can we help? packages used with PyScript are not provided by PyScript, as example, so if you have any issue withhashlib you should ask details, file issues, or read more wherehashlib is provided, which is likely via thePyodide project.

The conversation isn't going well because of my disability which renders my ability to communicate extremely difficult to understand by many in the outside world, so I humbly apologize for my shortcomings and will try to make this as clear as I possibly can given the circumstances:

I am writing my own homemade content management application web portal in PyScript. Currently all it should be able to do is handle login requests and signup requests until further notice. It will reside on my laptop. Only I will use it and no one else.

I realize that the easiest and most basic methodology to handle login credentials is to use a database platform with a table that stores usernames, password hashes, salts, emails, etc.; I also realize that PyScript currently has no ability to interact with MySQL (import mysql.connector fails even after "pip install mysql"), so what I did was to build a PHP-based stub on my IIS platform that will perform the MySQL heavy lifting for me and return a JSON array string with the data I need (again, password hash).

So now I have my PyScript front-end that needs to do a fetch onto the PHP side on IIS, all on my laptop (PyScript is "http://localhost:8000"; PHP is "http://localhost/cma").

The fetch fails due to CORS errors. I have tried everything I can think of, including creating an API Proxy on PyScript.com, but I don't know how to tellhttp://localhost:8000 to go to the API Proxy on PyScript.com to tell it to pass the football ontohttp://localhost/cma.

This is the code I am using that fails:

`import asyncio, logging
#from pyodide.http import pyfetch
from js import JSON
from pyscript import fetch
import ast, sys

'''
MySQL is not accessible via PyScript, therefore, you will have to do a URL scrape to a PHP stub on the IIS web server that can access
MySQL for you and perform necessary tasks to return to the PyScript-based CMA

Re: https://stackoverflow.com/questions/75054667/pyscript-website-showing-no-module-named-mysql

'''

def getLoginCredz(username):
logger = logging.getLogger(name)
if username is None or len(username.strip()) == 0:
error = 'username not provided for getLoginCredz()'
logger.error(error)
raise EOFError(error)

# CHECK IN SESSION FIRSTjson = ast.literal_eval(window.localStorage.getItem(CREDZ)) if window.localStorage.getItem(CREDZ) is not None else {}if json is None or len(json) == 0:# NO SESSION, GET CREDZ FROM DBtry:loop = asyncio.get_event_loop()loop.set_exception_handler(None)loop.run_until_complete(getUrlBody(LOGIN_SELECT_URL + username))print(JSON.stringify(json))except:pass

async def getUrlBody(url):
logger = logging.getLogger(name)
if url is None or len(url.strip()) == 0:
error = 'url not provided for getUrlBody()'
logger.error(error)
raise EOFError(error)

global jsonjson = ''try:#json = await fetch(url, method="GET").json()json = await fetch(url, dict={'method': 'GET','headers': {'Content-Type': 'text/html','Access-Control-Allow-Origin': '*'}}).json()except PythonError as pythonError:logger.error(pythonError)print("PythonError")raiseexcept NameError as error:logger.error(error)print("NameError!")raiseexcept TypeError as error2:logger.error(error2)print("TypeError!")raiseexcept:print('Something went wrong')sys.exit(1)`

may I ask why are you using Pyscript .com to communicate with your own localhost based infrastructure? Wouldn't it be better to simply host your solution within your network boundaries, i.e. via your device IP address?

I am struggling to see the whole picture here, what are the end points, where are these endpoints, but most importantly, how you expect a public site (PyScript .com or any other) to directly interact with your local environment and I know you can do that but it needs you registering your own domain and point that domain at your own internal (and static) IP address within your network (plus the port, if different from 80) but it looks like you are trying to do things that are not meant to be done in a secure way and when that happens, the browsers and the Web standards will fight you back at any move (rightly so, it's a secure platform, after all, non-secure things should bever be easy to happen).

That being said, this discussion is rather a request for help creating your own application but it doesn't provide pages and files or a way to setup and test or help you forward so I strongly suggest you to create a GitHub repository anyone can clone and try with, eventually, a counter Pyscript .com page/link/app one can test/try once the whole thing starts/runs or it's nearly impossible to follow issues or help this way and it's not a PyScript strictly related discussion neither so I am not sure what we could do here to help.

P.S. one thing I've recently learned if you fetch127.0.0.1 the browser would let you do that as if it was a proper site ... maybe that works better than reaching ourlocalhost but I am not sure I have the whole picture in mind ... just a possible hint though and yes, your server must always provide the right headers for both GET, POST or other HTTP verbs or your browser won't let you do what you are trying to do.