From d15985d81ff1c3b353a48a87189b7847798214c0 Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Sat, 9 Nov 2013 06:36:10 -0500 Subject: [PATCH] Fixed #21398 -- Fixed BCryptSHA256PasswordHasher with py-bcrypt and Python 3. Thanks arjan at anymore.nl for the report. --- django/contrib/auth/hashers.py | 4 +++- docs/releases/1.6.1.txt | 14 ++++++++++++++ docs/releases/index.txt | 1 + 3 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 docs/releases/1.6.1.txt diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py index a211f1e522..a4e8133460 100644 --- a/django/contrib/auth/hashers.py +++ b/django/contrib/auth/hashers.py @@ -322,8 +322,10 @@ class BCryptSHA256PasswordHasher(BasePasswordHasher): # Ensure that our data is a bytestring data = force_bytes(data) + # force_bytes() necessary for py-bcrypt compatibility + hashpw = force_bytes(bcrypt.hashpw(password, data)) - return constant_time_compare(data, bcrypt.hashpw(password, data)) + return constant_time_compare(data, hashpw) def safe_summary(self, encoded): algorithm, empty, algostr, work_factor, data = encoded.split('$', 4) diff --git a/docs/releases/1.6.1.txt b/docs/releases/1.6.1.txt new file mode 100644 index 0000000000..128a2e99c5 --- /dev/null +++ b/docs/releases/1.6.1.txt @@ -0,0 +1,14 @@ +========================== +Django 1.6.1 release notes +========================== + +*Under development* + +This is Django 1.6.1, a bugfix release for Django 1.6. + +... + +Bug fixes +========= + +* Fixed ``BCryptSHA256PasswordHasher`` with py-bcrypt and Python 3 (#21398). diff --git a/docs/releases/index.txt b/docs/releases/index.txt index 897302c5f2..0c80cfb378 100644 --- a/docs/releases/index.txt +++ b/docs/releases/index.txt @@ -30,6 +30,7 @@ Final releases :maxdepth: 1 1.6 + 1.6.1 1.5 release -----------