[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH mediagoblin] Replace py-bcrypt with bcrypt
From: |
~eroca |
Subject: |
[PATCH mediagoblin] Replace py-bcrypt with bcrypt |
Date: |
Sat, 09 Oct 2021 12:27:12 -0000 |
From: Elisei Roca <eroca@mailbox.org>
Almost a drop-in replacement, only needed some str - byte conversions.
The former has not seen a release since 2013, the latter is active with
a last release on Aug. 16th 2020.
---
mediagoblin/plugins/basic_auth/tools.py | 10 ++++++----
setup.cfg | 2 +-
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/mediagoblin/plugins/basic_auth/tools.py
b/mediagoblin/plugins/basic_auth/tools.py
index 5b89e51b..1f0fa0ee 100644
--- a/mediagoblin/plugins/basic_auth/tools.py
+++ b/mediagoblin/plugins/basic_auth/tools.py
@@ -40,6 +40,9 @@ def bcrypt_check_password(raw_pass, stored_hash,
extra_salt=None):
if extra_salt:
raw_pass = f"{extra_salt}:{raw_pass}"
+ # stored_hash is string and must be converted to bytes
+ stored_hash = stored_hash.encode('utf-8')
+
hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash)
# Reduce risk of timing attacks by hashing again with a random
@@ -66,8 +69,7 @@ def bcrypt_gen_password_hash(raw_pass, extra_salt=None):
if extra_salt:
raw_pass = f"{extra_salt}:{raw_pass}"
- return str(
- bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()))
+ return bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()).decode()
def fake_login_attempt():
@@ -81,9 +83,9 @@ def fake_login_attempt():
"""
rand_salt = bcrypt.gensalt(5)
- hashed_pass = bcrypt.hashpw(str(random.random()), rand_salt)
+ hashed_pass = bcrypt.hashpw(str(random.random()).encode('utf8'), rand_salt)
- randplus_stored_hash = bcrypt.hashpw(str(random.random()), rand_salt)
+ randplus_stored_hash = bcrypt.hashpw(str(random.random()).encode('utf8'),
rand_salt)
randplus_hashed_pass = bcrypt.hashpw(hashed_pass, rand_salt)
randplus_stored_hash == randplus_hashed_pass
diff --git a/setup.cfg b/setup.cfg
index 5f9f0408..fb7d8c03 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -56,7 +56,7 @@ install_requires =
Markdown
oauthlib
PasteScript
- py-bcrypt
+ bcrypt
PyLD<2.0.0 # Breaks a Python 3 test if >= 2.0.0.
python-dateutil
pytz
--
2.32.0
- [PATCH mediagoblin] Replace py-bcrypt with bcrypt,
~eroca <=