Diffstat (limited to 'mediagoblin/auth')
-rw-r--r--mediagoblin/auth/lib.py5
-rw-r--r--mediagoblin/auth/views.py9
2 files changed, 9 insertions, 5 deletions
diff --git a/mediagoblin/auth/lib.py b/mediagoblin/auth/lib.py
index 1136a252..ddb58fe6 100644
--- a/mediagoblin/auth/lib.py
+++ b/mediagoblin/auth/lib.py
@@ -42,7 +42,7 @@ def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
if extra_salt:
raw_pass = u"%s:%s" % (extra_salt, raw_pass)
- hashed_pass = bcrypt.hashpw(raw_pass, stored_hash)
+ hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash)
# Reduce risk of timing attacks by hashing again with a random
# number (thx to zooko on this advice, which I hopefully
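Review bot: bcrypt implementations generally consider only the first 72 bytes of their input, and with `raw_pass.encode('utf-8')` the input is now the UTF-8 byte string of `extra_salt:raw_pass`, so a long `extra_salt` or a password with multi-byte characters leaves fewer password characters contributing to the hash. The same applies to the `bcrypt.hashpw(...)` call changed in `bcrypt_gen_password_hash` in the next hunk. Consider recording this next to the encode, e.g. `# bcrypt reads at most 72 bytes; keep extra_salt short so it does not crowd out the password`, or bounding the encoded length before hashing. Separately, `.encode('utf-8')` on a Python 2 byte `str` holding non-ASCII bytes raises UnicodeDecodeError, so when `extra_salt` is empty this relies on callers passing `unicode`. The rest of `bcrypt_check_password` lies outside the hunk.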
@@ -68,7 +68,8 @@ def bcrypt_gen_password_hash(raw_pass, extra_salt=None):
if extra_salt:
raw_pass = u"%s:%s" % (extra_salt, raw_pass)
- return unicode(bcrypt.hashpw(raw_pass, bcrypt.gensalt()))
+ return unicode(
+ bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()))
def fake_login_attempt():
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index 9af89c2a..71a5f379 100644
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -60,7 +60,9 @@ def register(request):
if request.method == 'POST' and register_form.validate():
# TODO: Make sure the user doesn't exist already
username = unicode(request.POST['username'].lower())
- email = unicode(request.POST['email'].lower())
+ em_user, em_dom = unicode(request.POST['email']).split("@", 1)
+ em_dom = em_dom.lower()
+ email = em_user + "@" + em_dom
users_with_username = request.db.User.find(
{'username': username}).count()
users_with_email = request.db.User.find(
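Review bot: Keeping the case of the local part makes `Bob@example.com` and `bob@example.com` distinct values, so the `users_with_email` lookup that begins on the last line of this hunk (its query is outside the hunk, presumably an exact match) will no longer treat them as the same address. Accounts already stored in the old all-lowercase form would also not match a mixed-case re-registration. If one account per mailbox is intended, compare on a normalised key, for example by storing `email.lower()` alongside the address and running the uniqueness check against that. In addition, unpacking `split("@", 1)` into two names raises ValueError when the value has no `@`; that is safe only if `register_form.validate()` already enforces an email format, which is not visible here.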
@@ -118,7 +120,7 @@ def login(request):
login_failed = False
if request.method == 'POST' and login_form.validate():
- user = request.db.User.one(
+ user = request.db.User.find_one(
{'username': request.POST['username'].lower()})
if user and user.check_login(request.POST['password']):
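Review bot: If `User.one` is MongoKit's `one()`, it raised when more than one document matched, whereas `find_one` silently returns the first match, so a duplicate username would now authenticate against whichever record the database returns first. The register view in this same file still carries `# TODO: Make sure the user doesn't exist already`, so uniqueness appears to rest on the count checks there; a unique index on `username` would make this lookup unambiguous. A short comment such as `# find_one: usernames are expected to be unique (see register)` would record the assumption. The rest of `login` is outside the hunk.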
@@ -234,7 +236,8 @@ def forgot_password(request):
Sends an email with an url to renew forgotten password
"""
- fp_form = auth_forms.ForgotPassForm(request.POST)
+ fp_form = auth_forms.ForgotPassForm(request.POST,
+ username=request.GET.get('username'))
if request.method == 'POST' and fp_form.validate():
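Review bot: `request.GET.get('username')` is taken from the query string with no validation and handed to the form as a default, so anyone who crafts a link controls the text shown in the username field. That is acceptable as long as the template renders the field through the form widget (escaped) and the GET value is never used as the lookup key once POST data is present, but neither is visible in this hunk. A comment like `# pre-fill only; the GET value is untrusted and superseded by POST data` would make the intent explicit. The body of `forgot_password` continues outside the hunk.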