Changes for 293. Tests pass, encode UTF8 on password on registration (and also for...
authorDerek Moore <derek.k.moore@gmail.com>
Mon, 12 Mar 2012 23:02:42 +0000 (16:02 -0700)
committerDerek Moore <derek.k.moore@gmail.com>
Mon, 12 Mar 2012 23:02:42 +0000 (16:02 -0700)
mediagoblin/auth/lib.py

index 1136a252cadfc9a0ad06f3fdbb7a0c5cb7e3fbeb..ddb58fe61eec606b578b19cfc7cd5b7c1d6db77a 100644 (file)
@@ -42,7 +42,7 @@ def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
     if extra_salt:
         raw_pass = u"%s:%s" % (extra_salt, raw_pass)
 
-    hashed_pass = bcrypt.hashpw(raw_pass, stored_hash)
+    hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash)
 
     # Reduce risk of timing attacks by hashing again with a random
     # number (thx to zooko on this advice, which I hopefully
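Review bot: Encoding to UTF-8 before `bcrypt.hashpw` makes bcrypt's 72-byte input limit easier to reach, and nothing in this hunk accounts for it. bcrypt ignores input past the 72nd byte, and here that budget is shared with the `extra_salt:` prefix and with multi-byte characters, so two long passwords that agree in their first 72 encoded bytes would verify against the same hash. The same applies to the `bcrypt_gen_password_hash` hunk below. I would at least add a comment above the call, `# bcrypt uses only the first 72 bytes of the encoded "salt:password" string`, and consider rejecting over-long input at registration. The body of bcrypt_check_password continues outside the hunk.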
@@ -68,7 +68,8 @@ def bcrypt_gen_password_hash(raw_pass, extra_salt=None):
     if extra_salt:
         raw_pass = u"%s:%s" % (extra_salt, raw_pass)
 
-    return unicode(bcrypt.hashpw(raw_pass, bcrypt.gensalt()))
+    return unicode(
+        bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()))
 
 
 def fake_login_attempt():
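Review bot: `raw_pass.encode('utf-8')` assumes raw_pass is a unicode object, but when `extra_salt` is empty the value reaches this line exactly as the caller passed it. On Python 2, which the `unicode(...)` call suggests is the target, calling `.encode` on a byte string first decodes it as ASCII, so a non-ASCII `str` password would still raise UnicodeDecodeError. Encoding only when needed keeps both input types working: `if isinstance(raw_pass, unicode): raw_pass = raw_pass.encode('utf-8')` before the `hashpw` call, with the same guard in `bcrypt_check_password`. A test that uses a non-ASCII password with no extra_salt would pin this down.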