mediagoblin-devel

[PATCH mediagoblin] Replace py-bcrypt with bcrypt


From: ~eroca
Subject: [PATCH mediagoblin] Replace py-bcrypt with bcrypt
Date: Sat, 09 Oct 2021 12:27:12 -0000

From: Elisei Roca <eroca@mailbox.org>

Almost a drop-in replacement, only needed some str - byte conversions.

The former has not seen a release since 2013, the latter is active with
a last release on Aug. 16th 2020.
---
 mediagoblin/plugins/basic_auth/tools.py | 10 ++++++----
 setup.cfg                               |  2 +-
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/mediagoblin/plugins/basic_auth/tools.py 
b/mediagoblin/plugins/basic_auth/tools.py
index 5b89e51b..1f0fa0ee 100644
--- a/mediagoblin/plugins/basic_auth/tools.py
+++ b/mediagoblin/plugins/basic_auth/tools.py
@@ -40,6 +40,9 @@ def bcrypt_check_password(raw_pass, stored_hash, 
extra_salt=None):
     if extra_salt:
         raw_pass = f"{extra_salt}:{raw_pass}"
 
+    # stored_hash is string and must be converted to bytes
+    stored_hash = stored_hash.encode('utf-8')
+
     hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash)
 
     # Reduce risk of timing attacks by hashing again with a random
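Review bot: the added `stored_hash = stored_hash.encode('utf-8')` in bcrypt_check_password runs unconditionally, so a caller that passes a hash that is already bytes gets an AttributeError instead of a failed check. Either guard it with `if isinstance(stored_hash, str):` or state in the docstring that stored_hash must be a str. The comparison that follows is outside this hunk; please confirm it now has bytes on both sides, since a str/bytes comparison in Python 3 is always False and would reject every login without raising.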
@@ -66,8 +69,7 @@ def bcrypt_gen_password_hash(raw_pass, extra_salt=None):
     if extra_salt:
         raw_pass = f"{extra_salt}:{raw_pass}"
 
-    return str(
-        bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()))
+    return bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()).decode()
 
 
 def fake_login_attempt():
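Review bot: the new return in bcrypt_gen_password_hash calls `.decode()` with no codec, while every encode call in this patch names one explicitly. Use `.decode('utf-8')` so the two directions of the conversion visibly match. Because this function and bcrypt_check_password both changed their str/bytes handling in the same patch, a round-trip test (generate a hash, then check the same password and a wrong one against it, with and without extra_salt) would show the pair still agree.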
@@ -81,9 +83,9 @@ def fake_login_attempt():
     """
     rand_salt = bcrypt.gensalt(5)
 
-    hashed_pass = bcrypt.hashpw(str(random.random()), rand_salt)
+    hashed_pass = bcrypt.hashpw(str(random.random()).encode('utf8'), rand_salt)
 
-    randplus_stored_hash = bcrypt.hashpw(str(random.random()), rand_salt)
+    randplus_stored_hash = bcrypt.hashpw(str(random.random()).encode('utf8'), 
rand_salt)
     randplus_hashed_pass = bcrypt.hashpw(hashed_pass, rand_salt)
 
     randplus_stored_hash == randplus_hashed_pass
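Review bot: both changed lines in fake_login_attempt spell the codec `'utf8'`, while the other two hunks in tools.py use `'utf-8'`; pick one spelling for the file. The `randplus_stored_hash = ...` line is also long enough that it was wrapped in this mail; breaking it after the first argument to hashpw keeps it within the line limit and keeps the patch from being mangled in transit.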
diff --git a/setup.cfg b/setup.cfg
index 5f9f0408..fb7d8c03 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -56,7 +56,7 @@ install_requires =
     Markdown
     oauthlib
     PasteScript
-    py-bcrypt
+    bcrypt
     PyLD<2.0.0  # Breaks a Python 3 test if >= 2.0.0.
     python-dateutil
     pytz
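Review bot: the `bcrypt` entry added to install_requires has no lower bound, although the tools.py changes depend on hashpw taking and returning bytes. Consider a minimum version here. Since tools.py keeps using the same `bcrypt` module name, an existing environment that still has py-bcrypt installed can end up with two distributions providing that module; an upgrade note telling administrators to uninstall py-bcrypt first would avoid importing the wrong one.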
-- 
2.32.0


