
[Python] byte like object error when checking encrypted passwords (Python)

Discussion in 'Python' started by Stack, October 1, 2024 at 02:23.

  1. Stack

    Stack Participating Member

    I am creating an application that requires a user login. The username and password must be stored in a database, but I don't want to store them as plain text. I followed this tutorial on how to store passwords securely on a database. I am using the code from the tutorial except I made some changes to use pyodbc instead of their SQL library.

    To create a username and password, I am using this code, which works great and posts to the db:

    import pyodbc
    import os
    import hashlib

    PEPPER = "SECRET_KEY"

    def create_user(username, password):
        conn = pyodbc.connect(
            r"Driver={Microsoft Access Driver (*.mdb, *.accdb)};DBQ=" + db_path + ";"
        )

        cursor = conn.cursor()

        # Generate secure hash
        password_hash = create_secure_password(password)

        # Split hash into components
        salt, key = password_hash[:16], password_hash[16:]
        hash_algo = "sha256"
        iterations = 100_000

        # Insert into database
        info = (username, key, salt, hash_algo, iterations)
        cursor.execute("INSERT INTO Login_Info ([username], [password_hash], [salt], [hash_algo], [iterations] ) VALUES (?, ?, ?, ?, ?)", info)

        conn.commit()
        conn.close()

    def create_secure_password(password):
        salt = os.urandom(16)
        iterations = 100_000
        hash_value = hashlib.pbkdf2_hmac('sha256', password.encode('utf-8') + PEPPER.encode('utf-8'), salt, iterations)
        password_hash = salt + hash_value
        return password_hash


    The database entry shows up like this: Username and password in the db

    However, when I use the method to check a username and password against the database, I get this error: TypeError: a bytes-like object is required, not 'str'

    The error is for this line of code, which I believe converts the entered password into a hash to compare with the database hash: password_hash = hashlib.pbkdf2_hmac(hash_algo, password.encode('utf-8'), salt, iterations)

    The full code for the login method is as follows:

    def login(username, password):
        # Connect to DB
        conn = pyodbc.connect(
            r"Driver={Microsoft Access Driver (*.mdb, *.accdb)};DBQ=" + db_path + ";"
        )

        cursor = conn.cursor()

        # Define your SQL query
        select_sql = "SELECT * FROM Login_Info WHERE username = ?"

        # Execute the query using the cursor
        cursor.execute(select_sql, (username,))

        # Fetch one row of result
        account = cursor.fetchone()

        if not account:
            print("Invalid username")
            return

        salt, db_key, hash_algo, iterations = account[2:6]

        # Recompute hash from user entered password
        password_hash = hashlib.pbkdf2_hmac(hash_algo, password.encode('utf-8'), salt, iterations)

        # Compare hashes
        if password_hash == db_key:
            print("Login successful")
        else:
            print("Invalid password")


    I have tried finding other resources online, but couldn't find anyone with this exact problem
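
A working create/verify round trip for the PBKDF2 scheme in the question, as an added example that is not part of the original post. It assumes an in-memory sqlite3 database as a stand-in for the Access/pyodbc connection, with binary columns for the salt and key; it selects columns by name, applies the pepper on both paths, and compares keys in constant time.

```python
import hashlib
import hmac
import os
import sqlite3

PEPPER = b"SECRET_KEY"  # constructed placeholder; keep the real pepper outside the database
HASH_ALGO = "sha256"
ITERATIONS = 100_000


def derive_key(password, salt, hash_algo=HASH_ALGO, iterations=ITERATIONS):
    # pbkdf2_hmac needs bytes for both password and salt; a str salt raises TypeError
    if not isinstance(salt, (bytes, bytearray)):
        raise TypeError("salt must be bytes; store it in a binary column, not as text")
    return hashlib.pbkdf2_hmac(hash_algo, password.encode("utf-8") + PEPPER, bytes(salt), iterations)


def create_user(conn, username, password):
    salt = os.urandom(16)
    key = derive_key(password, salt)
    conn.execute(
        "INSERT INTO Login_Info (username, password_hash, salt, hash_algo, iterations) VALUES (?, ?, ?, ?, ?)",
        (username, key, salt, HASH_ALGO, ITERATIONS),
    )
    conn.commit()


def login(conn, username, password):
    # Select columns by name so the stored key and the salt cannot be swapped by position
    row = conn.execute(
        "SELECT password_hash, salt, hash_algo, iterations FROM Login_Info WHERE username = ?",
        (username,),
    ).fetchone()
    if row is None:
        return False
    db_key, salt, hash_algo, iterations = row
    candidate = derive_key(password, salt, hash_algo, iterations)
    # Constant-time comparison of the recomputed key with the stored one
    return hmac.compare_digest(candidate, bytes(db_key))


def demo():
    # Assumed schema: sqlite3 stand-in for the Login_Info table in the post
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Login_Info (id INTEGER PRIMARY KEY, username TEXT UNIQUE, "
        "password_hash BLOB, salt BLOB, hash_algo TEXT, iterations INTEGER)"
    )
    create_user(conn, "alice", "correct horse")
    return login(conn, "alice", "correct horse"), login(conn, "alice", "wrong")
```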
