aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDerek Moore <derek.k.moore@gmail.com>2012-03-12 16:02:42 -0700
committerDerek Moore <derek.k.moore@gmail.com>2012-03-12 16:02:42 -0700
commit20a3e278bc237a4e23606cc2fc2f800f6a8dbc25 (patch)
tree4acfb9400abb279a6a7894727bec14088edce40a
parentdd0799ad0a0eb4c8792906c5fb1975bea446fc66 (diff)
downloadmediagoblin-20a3e278bc237a4e23606cc2fc2f800f6a8dbc25.tar.lz
mediagoblin-20a3e278bc237a4e23606cc2fc2f800f6a8dbc25.tar.xz
mediagoblin-20a3e278bc237a4e23606cc2fc2f800f6a8dbc25.zip
Changes for 293. Tests pass, encode UTF8 on password on registration (and also for subsequent logins once the user is created) is working.
-rw-r--r--mediagoblin/auth/lib.py5
1 files changed, 3 insertions, 2 deletions
diff --git a/mediagoblin/auth/lib.py b/mediagoblin/auth/lib.py
index 1136a252..ddb58fe6 100644
--- a/mediagoblin/auth/lib.py
+++ b/mediagoblin/auth/lib.py
@@ -42,7 +42,7 @@ def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
if extra_salt:
raw_pass = u"%s:%s" % (extra_salt, raw_pass)
- hashed_pass = bcrypt.hashpw(raw_pass, stored_hash)
+ hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash)
# Reduce risk of timing attacks by hashing again with a random
# number (thx to zooko on this advice, which I hopefully
@@ -68,7 +68,8 @@ def bcrypt_gen_password_hash(raw_pass, extra_salt=None):
if extra_salt:
raw_pass = u"%s:%s" % (extra_salt, raw_pass)
- return unicode(bcrypt.hashpw(raw_pass, bcrypt.gensalt()))
+ return unicode(
+ bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()))
def fake_login_attempt():