heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Changes for 293. Tests pass, encode UTF8 on password on registration (and also for subsequent logins once the user is created) is working.

Browse Source
This commit is contained in:
Derek Moore 2012-03-12 16:02:42 -07:00
parent dd0799ad0a
commit 20a3e278bc
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
mediagoblin/auth/lib.py
View File

@ -42,7 +42,7 @@ def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
if extra_salt:
raw_pass = u"%s:%s" % (extra_salt, raw_pass)
hashed_pass = bcrypt.hashpw(raw_pass, stored_hash)
hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash)
# Reduce risk of timing attacks by hashing again with a random
# number (thx to zooko on this advice, which I hopefully
@ -68,7 +68,8 @@ def bcrypt_gen_password_hash(raw_pass, extra_salt=None):
if extra_salt:
raw_pass = u"%s:%s" % (extra_salt, raw_pass)
return unicode(bcrypt.hashpw(raw_pass, bcrypt.gensalt()))
return unicode(
bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()))
def fake_login_attempt():