authorElisei Roca <eroca@mailbox.org>2021-09-22 00:00:19 +0200
committerBen Sturmfels <ben@sturm.com.au>2021-10-11 21:57:40 +1100
commitfe01dd00fbebbf46f8cab552b89c402124541cab (patch)
treedd11a718c1515236c2932c996a7f43c74bf922f2
parent692261d4057ba59d5642fe218c5703950282578d (diff)
Replace py-bcrypt with bcrypt.
Almost a drop-in replacement, only needed some str - byte conversions. The former has not seen a release since 2013, the latter is active with a last release on Aug. 16th 2020. Signed-off-by: Ben Sturmfels <ben@sturm.com.au>
-rw-r--r--docs/source/siteadmin/relnotes.rst1
-rw-r--r--guix-env.scm2
-rw-r--r--mediagoblin/plugins/basic_auth/tools.py9
-rw-r--r--setup.cfg2
4 files changed, 7 insertions, 7 deletions
diff --git a/docs/source/siteadmin/relnotes.rst b/docs/source/siteadmin/relnotes.rst
index 09513740..62603392 100644
--- a/docs/source/siteadmin/relnotes.rst
+++ b/docs/source/siteadmin/relnotes.rst
@@ -34,6 +34,7 @@ This chapter has important information about our current and previous releases.
- Set videos to preload="metadata" to prevent upfront download [trac#5625] (Michael McMahon)
- Add a "Troubleshooting" page to the documentation (Ben Sturmfels)
- Add Ubuntu 20.04 CI build and reinstate Debian 10 CI build (Ben Sturmfels)
+- Switch from `py-bcrypt` to `bcrypt` (Elisei Roca)
0.12.0
diff --git a/guix-env.scm b/guix-env.scm
index efe400ac..b0c0a171 100644
--- a/guix-env.scm
+++ b/guix-env.scm
@@ -207,7 +207,7 @@
("python-openid" ,python-openid) ; For OpenID plugin
("python-pastescript" ,python-pastescript)
("python-pillow" ,python-pillow)
- ("python-py-bcrypt" ,python-py-bcrypt)
+ ("python-bcrypt" ,python-bcrypt)
("python-pyld" ,python-pyld)
("python-pytz" ,python-pytz)
("python-requests" ,python-requests) ; For batchaddmedia
diff --git a/mediagoblin/plugins/basic_auth/tools.py b/mediagoblin/plugins/basic_auth/tools.py
index 5b89e51b..fcc00b72 100644
--- a/mediagoblin/plugins/basic_auth/tools.py
+++ b/mediagoblin/plugins/basic_auth/tools.py
@@ -40,7 +40,7 @@ def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
if extra_salt:
raw_pass = f"{extra_salt}:{raw_pass}"
- hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash)
+ hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash.encode('utf-8'))
# Reduce risk of timing attacks by hashing again with a random
# number (thx to zooko on this advice, which I hopefully
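Review bot: The comparison that follows this `hashpw` call relies on a hand-rolled second hash to blunt timing differences, and the new `bcrypt` package provides `checkpw`, which does a constant-time comparison itself. The call and the workaround could become `return bcrypt.checkpw(raw_pass.encode('utf-8'), stored_hash.encode('utf-8'))`. Separately, either call raises `ValueError` when `stored_hash` is not a well-formed bcrypt hash, and `.encode` fails when it is `None`, so a corrupt or empty stored value would surface as an unhandled exception in the login path instead of a failed check. Catching `ValueError` and returning `False` would keep that case fail-closed. The function body continues past the end of the hunk, so whether callers already guard this is not visible here.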
@@ -66,8 +66,7 @@ def bcrypt_gen_password_hash(raw_pass, extra_salt=None):
if extra_salt:
raw_pass = f"{extra_salt}:{raw_pass}"
- return str(
- bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()))
+ return bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()).decode()
def fake_login_attempt():
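Review bot: bcrypt only uses the first 72 bytes of its input, and the `f"{extra_salt}:{raw_pass}"` prefix above this return counts against that limit, so a long `extra_salt` shortens the part of the user's password that actually influences the hash. Older releases of the package truncate silently and, as far as I know, newer ones raise `ValueError` on over-long input, so behaviour also depends on the installed version. A comment such as `# bcrypt uses at most 72 bytes of "extra_salt:raw_pass"; keep extra_salt short` would document this, and a length check before hashing would make the limit explicit. The same prefixing appears in bcrypt_check_password in the first hunk of this file.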
@@ -81,9 +80,9 @@ def fake_login_attempt():
"""
rand_salt = bcrypt.gensalt(5)
- hashed_pass = bcrypt.hashpw(str(random.random()), rand_salt)
+ hashed_pass = bcrypt.hashpw(str(random.random()).encode('utf8'), rand_salt)
- randplus_stored_hash = bcrypt.hashpw(str(random.random()), rand_salt)
+ randplus_stored_hash = bcrypt.hashpw(str(random.random()).encode('utf8'), rand_salt)
randplus_hashed_pass = bcrypt.hashpw(hashed_pass, rand_salt)
randplus_stored_hash == randplus_hashed_pass
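Review bot: `bcrypt.gensalt(5)` gives this decoy a work factor of 5, while hashes made by bcrypt_gen_password_hash use the `gensalt()` default, so the fake attempt finishes much faster than a real password check and response time can still reveal whether an account exists. Using `rand_salt = bcrypt.gensalt()` here would keep the cost in line with real checks. As a style point, the two changed lines spell the codec `'utf8'` where the rest of the file uses `'utf-8'`. The function's docstring starts outside the hunk.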
diff --git a/setup.cfg b/setup.cfg
index 5f9f0408..fb7d8c03 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -56,7 +56,7 @@ install_requires =
Markdown
oauthlib
PasteScript
- py-bcrypt
+ bcrypt
PyLD<2.0.0 # Breaks a Python 3 test if >= 2.0.0.
python-dateutil
pytz
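Review bot: `bcrypt` is added without a lower bound, and `py-bcrypt` and `bcrypt` both install a top-level module named `bcrypt`, so in an environment upgraded in place the module that gets imported may depend on install order. Consider stating a minimum version, e.g. `bcrypt>=<MIN_VERSION>` (placeholder; use the oldest release the project tests against). The release notes could also say that `py-bcrypt` should be uninstalled before upgrading.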