heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replace py-bcrypt with bcrypt.

Browse Source 
Almost a drop-in replacement, only needed some str - byte conversions.

The former has not seen a release since 2013, the latter is active with
a last release on Aug. 16th 2020.

Signed-off-by: Ben Sturmfels <ben@sturm.com.au>
This commit is contained in:
Elisei Roca 2021-09-22 00:00:19 +02:00 committed by Ben Sturmfels
parent 692261d405
commit fe01dd00fb
No known key found for this signature in database
GPG Key ID: 023C05E2C9C068F0
4 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/source/siteadmin/relnotes.rst
View File

@ -34,6 +34,7 @@ This chapter has important information about our current and previous releases.
- Set videos to preload="metadata" to prevent upfront download [trac#5625] (Michael McMahon) - Set videos to preload="metadata" to prevent upfront download [trac#5625] (Michael McMahon)
- Add a "Troubleshooting" page to the documentation (Ben Sturmfels) - Add a "Troubleshooting" page to the documentation (Ben Sturmfels)
- Add Ubuntu 20.04 CI build and reinstate Debian 10 CI build (Ben Sturmfels) - Add Ubuntu 20.04 CI build and reinstate Debian 10 CI build (Ben Sturmfels)
- Switch from `py-bcrypt` to `bcrypt` (Elisei Roca)
0.12.0 0.12.0

2
guix-env.scm
View File

@ -207,7 +207,7 @@
("python-openid" ,python-openid) ; For OpenID plugin ("python-openid" ,python-openid) ; For OpenID plugin
("python-pastescript" ,python-pastescript) ("python-pastescript" ,python-pastescript)
("python-pillow" ,python-pillow) ("python-pillow" ,python-pillow)
("python-py-bcrypt" ,python-py-bcrypt) ("python-bcrypt" ,python-bcrypt)
("python-pyld" ,python-pyld) ("python-pyld" ,python-pyld)
("python-pytz" ,python-pytz) ("python-pytz" ,python-pytz)
("python-requests" ,python-requests) ; For batchaddmedia ("python-requests" ,python-requests) ; For batchaddmedia

9
mediagoblin/plugins/basic_auth/tools.py
View File

@ -40,7 +40,7 @@ def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
if extra_salt: if extra_salt:
raw_pass = f"{extra_salt}:{raw_pass}" raw_pass = f"{extra_salt}:{raw_pass}"
hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash) hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash.encode('utf-8'))
# Reduce risk of timing attacks by hashing again with a random # Reduce risk of timing attacks by hashing again with a random
# number (thx to zooko on this advice, which I hopefully # number (thx to zooko on this advice, which I hopefully
@ -66,8 +66,7 @@ def bcrypt_gen_password_hash(raw_pass, extra_salt=None):
if extra_salt: if extra_salt:
raw_pass = f"{extra_salt}:{raw_pass}" raw_pass = f"{extra_salt}:{raw_pass}"
return str( return bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()).decode()
bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()))
def fake_login_attempt(): def fake_login_attempt():
@ -81,9 +80,9 @@ def fake_login_attempt():
""" """
rand_salt = bcrypt.gensalt(5) rand_salt = bcrypt.gensalt(5)
hashed_pass = bcrypt.hashpw(str(random.random()), rand_salt) hashed_pass = bcrypt.hashpw(str(random.random()).encode('utf8'), rand_salt)
randplus_stored_hash = bcrypt.hashpw(str(random.random()), rand_salt) randplus_stored_hash = bcrypt.hashpw(str(random.random()).encode('utf8'), rand_salt)
randplus_hashed_pass = bcrypt.hashpw(hashed_pass, rand_salt) randplus_hashed_pass = bcrypt.hashpw(hashed_pass, rand_salt)
randplus_stored_hash == randplus_hashed_pass randplus_stored_hash == randplus_hashed_pass

2
setup.cfg
View File

@ -56,7 +56,7 @@ install_requires =
Markdown Markdown
oauthlib oauthlib
PasteScript PasteScript
py-bcrypt bcrypt
PyLD<2.0.0 # Breaks a Python 3 test if >= 2.0.0. PyLD<2.0.0 # Breaks a Python 3 test if >= 2.0.0.
python-dateutil python-dateutil
pytz pytz