ImportError: cannot import name 'safe_str_cmp' from 'werkzeug.security'

Question

Any ideas on why I get this error?

My project was working fine. I copied it to an external drive and onto my laptop to work on the road; it worked fine. I copied it back to my desktop and had a load of issues with invalid interpreters etc, so I made a new project and copied just the scripts in, made a new requirements.txt and installed all the packages, but when I run it, I get this error:

Traceback (most recent call last):
  File "E:\Dev\spot_new\flask_blog\run.py", line 1, in <module>
    from flaskblog import app
  File "E:\Dev\spot_new\flask_blog\flaskblog\__init__.py", line 3, in <module>
    from flask_bcrypt import Bcrypt
  File "E:\Dev\spot_new\venv\lib\site-packages\flask_bcrypt.py", line 21, in <module>
    from werkzeug.security import safe_str_cmp
ImportError: cannot import name 'safe_str_cmp' from 'werkzeug.security' (E:\Dev\spot_new\venv\lib\site-packages\werkzeug\security.py)

I've tried uninstalling Python, Anaconda, PyCharm, deleting every reg key and environment variable I can find that looks pythonic, reinstalling all from scratch but still no dice.

Answer 1

Werkzeug今天发布了v2.1.0werkzeug.security.safe_str_cmp ，删除了.

您可以通过固定Werkzeug~=2.0.0您的requirements.txt 文件（或类似文件）来解决此问题。

pip install Werkzeug~=2.0.0

之后，您很可能还会遇到与 jinja 包相关的 AttributeError，因此，如果您有它，也请运行：

pip install jinja2~=3.0.3

Answer 2

这个问题也可以通过升级flask_login来解决。

pip install --upgrade flask_login

Answer 3

Werkzeug 2.1.0 发行说明建议使用hmac等效项。作为参考，这里是 wekzeug 2.0.x 的实现safe_str_cmp，这是一个精简版本：

import hmac

def safe_str_cmp(a: str, b: str) -> bool:
    """This function compares strings in somewhat constant time. This
    requires that the length of at least one string is known in advance.

    Returns `True` if the two strings are equal, or `False` if they are not.
    """

    if isinstance(a, str):
        a = a.encode("utf-8")  # type: ignore

    if isinstance(b, str):
        b = b.encode("utf-8")  # type: ignore

    return hmac.compare_digest(a, b)

甚至更精简的：

import hmac
str_to_bytes = lambda s: s.encode("utf-8") if isinstance(s, str) else s
safe_str_cmp = lambda a, b: hmac.compare_digest(str_to_bytes(a), str_to_bytes(b))