mirror of
https://github.com/django/django.git
synced 2025-10-23 21:59:11 +00:00
Properly force bytes or str for bcrypt on Python3
This commit is contained in:
@@ -9,7 +9,7 @@ from django.conf import settings
|
||||
from django.test.signals import setting_changed
|
||||
from django.utils import importlib
|
||||
from django.utils.datastructures import SortedDict
|
||||
from django.utils.encoding import force_bytes, force_str
|
||||
from django.utils.encoding import force_bytes, force_str, force_text
|
||||
from django.core.exceptions import ImproperlyConfigured
|
||||
from django.utils.crypto import (
|
||||
pbkdf2, constant_time_compare, get_random_string)
|
||||
@@ -291,7 +291,7 @@ class BCryptSHA256PasswordHasher(BasePasswordHasher):
|
||||
password = force_bytes(password)
|
||||
|
||||
data = bcrypt.hashpw(password, salt)
|
||||
return "%s$%s" % (self.algorithm, data)
|
||||
return "%s$%s" % (self.algorithm, force_text(data))
|
||||
|
||||
def verify(self, password, encoded):
|
||||
algorithm, data = encoded.split('$', 1)
|
||||
@@ -307,6 +307,9 @@ class BCryptSHA256PasswordHasher(BasePasswordHasher):
|
||||
else:
|
||||
password = force_bytes(password)
|
||||
|
||||
# Ensure that our data is a bytestring
|
||||
data = force_bytes(data)
|
||||
|
||||
return constant_time_compare(data, bcrypt.hashpw(password, data))
|
||||
|
||||
def safe_summary(self, encoded):
|
||||
|
Reference in New Issue
Block a user