Fixed #21398 -- Fixed BCryptSHA256PasswordHasher with py-bcrypt and Python 3.

Thanks arjan at anymore.nl for the report.
2013-11-09 06:36:10 -05:00 · 2013-11-09 06:36:10 -05:00 · d15985d81f
parent af2dc4ebb8
commit d15985d81f
3 changed files with 18 additions and 1 deletions
--- a/django/contrib/auth/hashers.py
+++ b/django/contrib/auth/hashers.py
@ -322,8 +322,10 @@ class BCryptSHA256PasswordHasher(BasePasswordHasher):

        # Ensure that our data is a bytestring
        data = force_bytes(data)
+        # force_bytes() necessary for py-bcrypt compatibility
+        hashpw = force_bytes(bcrypt.hashpw(password, data))

-        return constant_time_compare(data, bcrypt.hashpw(password, data))
+        return constant_time_compare(data, hashpw)

    def safe_summary(self, encoded):
        algorithm, empty, algostr, work_factor, data = encoded.split('$', 4)
--- a/docs/releases/1.6.1.txt
+++ b/docs/releases/1.6.1.txt
@ -0,0 +1,14 @@
+==========================
+Django 1.6.1 release notes
+==========================
+
+*Under development*
+
+This is Django 1.6.1, a bugfix release for Django 1.6.
+
+...
+
+Bug fixes
+=========
+
+* Fixed ``BCryptSHA256PasswordHasher`` with py-bcrypt and Python 3 (#21398).
--- a/docs/releases/index.txt
+++ b/docs/releases/index.txt
@ -30,6 +30,7 @@ Final releases
   :maxdepth: 1

   1.6
+   1.6.1

 1.5 release
 -----------