ImportError: cannot import name 'safe_str_cmp' from 'werkzeug.security'
Question:
Any ideas on why I get this error?
My project was working fine. I copied it to an external drive and onto my laptop to work on the road; it worked fine. I copied it back to my desktop and had a load of issues with invalid interpreters etc, so I made a new project and copied just the scripts in, made a new requirements.txt and installed all the packages, but when I run it, I get this error:
Traceback (most recent call last):
File "E:Devspot_newflask_blogrun.py", line 1, in <module>
from flaskblog import app
File "E:Devspot_newflask_blogflaskblog__init__.py", line 3, in <module>
from flask_bcrypt import Bcrypt
File "E:Devspot_newvenvlibsite-packagesflask_bcrypt.py", line 21, in <module>
from werkzeug.security import safe_str_cmp
ImportError: cannot import name 'safe_str_cmp' from 'werkzeug.security' (E:Devspot_newvenvlibsite-packageswerkzeugsecurity.py)
I’ve tried uninstalling Python, Anaconda, PyCharm, deleting every reg key and environment variable I can find that looks pythonic, reinstalling all from scratch but still no dice.
Answers:
Werkzeug released v2.1.0 today, removing werkzeug.security.safe_str_cmp.
You can probably resolve this issue by pinning Werkzeug~=2.0.0 in your requirements.txt file (or similar).
pip install Werkzeug~=2.0.0
After that it is likely that you will also have an AttributeError related to the jinja package, so if you have it, also run:
pip install jinja2~=3.0.3
Werkzeug 2.1.0 release notes recommend using the hmac equivalent. For reference, here is the implementation of safe_str_cmp from wekzeug 2.0.x, and here is a stripped-down version:
import hmac
def safe_str_cmp(a: str, b: str) -> bool:
"""This function compares strings in somewhat constant time. This
requires that the length of at least one string is known in advance.
Returns `True` if the two strings are equal, or `False` if they are not.
"""
if isinstance(a, str):
a = a.encode("utf-8") # type: ignore
if isinstance(b, str):
b = b.encode("utf-8") # type: ignore
return hmac.compare_digest(a, b)
or even more stripped-down one:
import hmac
str_to_bytes = lambda s: s.encode("utf-8") if isinstance(s, str) else s
safe_str_cmp = lambda a, b: hmac.compare_digest(str_to_bytes(a), str_to_bytes(b))
ImportError: cannot import name 'safe_str_cmp' from 'werkzeug.security
To Solve ImportError: cannot import name ‘safe_str_cmp‘ from ‘werkzeug.security‘ Error You can also
Downgrade Werkzeug to 2.0.0
is working fine So you can Just downgrade Werkzeug to 2.0.0 just run this command:
pip install Werkzeug==2.0.0
OR
pip install Werkzeug==2.1.0
now your error must be solved.
The import statement here is due to an outdated version of flask-bcrypt.
You can fix this issue by importing the most recent version of flask-bcrypt, which at time of writing is version 1.0.1:
pip install --upgrade flask-bcrypt
The new version imports and uses hmac, rather than werkzeug’s security for this purpose.
Note: it is very likely that the other answers here were correct at time of writing, I’m not sure on the timeframe for when flask-bcrypt was updated
This issue can also be fixed by upgrading flask_login.
pip install --upgrade flask_login
This worked for me as my error was in falsk_wtf (See the dependent package in your situation , for ex: here it will be flask-bcrypt) :
pip uninstall flask_wtf
pip install flask_wtf
Any ideas on why I get this error?
My project was working fine. I copied it to an external drive and onto my laptop to work on the road; it worked fine. I copied it back to my desktop and had a load of issues with invalid interpreters etc, so I made a new project and copied just the scripts in, made a new requirements.txt and installed all the packages, but when I run it, I get this error:
Traceback (most recent call last):
File "E:Devspot_newflask_blogrun.py", line 1, in <module>
from flaskblog import app
File "E:Devspot_newflask_blogflaskblog__init__.py", line 3, in <module>
from flask_bcrypt import Bcrypt
File "E:Devspot_newvenvlibsite-packagesflask_bcrypt.py", line 21, in <module>
from werkzeug.security import safe_str_cmp
ImportError: cannot import name 'safe_str_cmp' from 'werkzeug.security' (E:Devspot_newvenvlibsite-packageswerkzeugsecurity.py)
I’ve tried uninstalling Python, Anaconda, PyCharm, deleting every reg key and environment variable I can find that looks pythonic, reinstalling all from scratch but still no dice.
Werkzeug released v2.1.0 today, removing werkzeug.security.safe_str_cmp.
You can probably resolve this issue by pinning Werkzeug~=2.0.0 in your requirements.txt file (or similar).
pip install Werkzeug~=2.0.0
After that it is likely that you will also have an AttributeError related to the jinja package, so if you have it, also run:
pip install jinja2~=3.0.3
Werkzeug 2.1.0 release notes recommend using the hmac equivalent. For reference, here is the implementation of safe_str_cmp from wekzeug 2.0.x, and here is a stripped-down version:
import hmac
def safe_str_cmp(a: str, b: str) -> bool:
"""This function compares strings in somewhat constant time. This
requires that the length of at least one string is known in advance.
Returns `True` if the two strings are equal, or `False` if they are not.
"""
if isinstance(a, str):
a = a.encode("utf-8") # type: ignore
if isinstance(b, str):
b = b.encode("utf-8") # type: ignore
return hmac.compare_digest(a, b)
or even more stripped-down one:
import hmac
str_to_bytes = lambda s: s.encode("utf-8") if isinstance(s, str) else s
safe_str_cmp = lambda a, b: hmac.compare_digest(str_to_bytes(a), str_to_bytes(b))
ImportError: cannot import name 'safe_str_cmp' from 'werkzeug.security
To Solve ImportError: cannot import name ‘safe_str_cmp‘ from ‘werkzeug.security‘ Error You can also
Downgrade Werkzeug to 2.0.0
is working fine So you can Just downgrade Werkzeug to 2.0.0 just run this command:
pip install Werkzeug==2.0.0
OR
pip install Werkzeug==2.1.0
now your error must be solved.
The import statement here is due to an outdated version of flask-bcrypt.
You can fix this issue by importing the most recent version of flask-bcrypt, which at time of writing is version 1.0.1:
pip install --upgrade flask-bcrypt
The new version imports and uses hmac, rather than werkzeug’s security for this purpose.
Note: it is very likely that the other answers here were correct at time of writing, I’m not sure on the timeframe for when flask-bcrypt was updated
This issue can also be fixed by upgrading flask_login.
pip install --upgrade flask_login
This worked for me as my error was in falsk_wtf (See the dependent package in your situation , for ex: here it will be flask-bcrypt) :
pip uninstall flask_wtf
pip install flask_wtf