diff options
| author | Christopher Allan Webber <cwebber@dustycloud.org> | 2012-03-12 18:19:03 -0500 |
|---|---|---|
| committer | Christopher Allan Webber <cwebber@dustycloud.org> | 2012-03-12 18:19:03 -0500 |
| commit | 1f36e6bee969fff96bb925673c045983618b60d0 (patch) | |
| tree | dda4249428f5231fada2a385cd6efe711b7b3290 /mediagoblin/auth/lib.py | |
| parent | 84812db59dcc7ba476191678a8bb0e1829f3f607 (diff) | |
| parent | 20a3e278bc237a4e23606cc2fc2f800f6a8dbc25 (diff) | |
| download | mediagoblin-1f36e6bee969fff96bb925673c045983618b60d0.tar.lz mediagoblin-1f36e6bee969fff96bb925673c045983618b60d0.tar.xz mediagoblin-1f36e6bee969fff96bb925673c045983618b60d0.zip | |
Merge remote-tracking branch 'derek-moore/bug293_non_ascii_password'
Diffstat (limited to 'mediagoblin/auth/lib.py')
| -rw-r--r-- | mediagoblin/auth/lib.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/mediagoblin/auth/lib.py b/mediagoblin/auth/lib.py index 1136a252..ddb58fe6 100644 --- a/mediagoblin/auth/lib.py +++ b/mediagoblin/auth/lib.py @@ -42,7 +42,7 @@ def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None): if extra_salt: raw_pass = u"%s:%s" % (extra_salt, raw_pass) - hashed_pass = bcrypt.hashpw(raw_pass, stored_hash) + hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash) # Reduce risk of timing attacks by hashing again with a random # number (thx to zooko on this advice, which I hopefully @@ -68,7 +68,8 @@ def bcrypt_gen_password_hash(raw_pass, extra_salt=None): if extra_salt: raw_pass = u"%s:%s" % (extra_salt, raw_pass) - return unicode(bcrypt.hashpw(raw_pass, bcrypt.gensalt())) + return unicode( + bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt())) def fake_login_attempt(): |