heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'derek-moore/bug293_non_ascii_password'

Browse Source
This commit is contained in:
Christopher Allan Webber 2012-03-12 18:19:03 -05:00
commit 1f36e6bee9
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
mediagoblin/auth/lib.py
View File

@ -42,7 +42,7 @@ def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
if extra_salt:
raw_pass = u"%s:%s" % (extra_salt, raw_pass)
hashed_pass = bcrypt.hashpw(raw_pass, stored_hash)
hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash)
# Reduce risk of timing attacks by hashing again with a random
# number (thx to zooko on this advice, which I hopefully
@ -68,7 +68,8 @@ def bcrypt_gen_password_hash(raw_pass, extra_salt=None):
if extra_salt:
raw_pass = u"%s:%s" % (extra_salt, raw_pass)
return unicode(bcrypt.hashpw(raw_pass, bcrypt.gensalt()))
return unicode(
bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()))
def fake_login_attempt():