Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#19509 closed Bug (fixed)

UnicodeEncodeError on bcrypt passwords with cyrillic

Reported by: Vladimir Owned by: Claude Paroz
Component: contrib.auth Version: 1.5-beta-1
Severity: Release blocker Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

I think there are problems, and with other non-standard characters.
Perhaps this is a bug in the py-bcrypt, but the documentation you recommend to use this library.
p.s. now i convert a string password to utf in custom hasher.

Environment:

Request Method: POST
Request URL: http://192.168.0.10:8000/admin/auth/user/1/password/

Django Version: 1.5b2
Python Version: 2.7.3
Installed Applications:
('django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.sites',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.admin')
Installed Middleware:
('django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware')

Traceback:
File "/var/www/.env/local/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
  116.                         response = callback(request, *callback_args, **callback_kwargs)
File "/var/www/.env/local/lib/python2.7/site-packages/django/utils/decorators.py" in _wrapped_view
  91.                     response = view_func(request, *args, **kwargs)
File "/var/www/.env/local/lib/python2.7/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
  89.         response = view_func(request, *args, **kwargs)
File "/var/www/.env/local/lib/python2.7/site-packages/django/contrib/admin/sites.py" in inner
  202.             return view(request, *args, **kwargs)
File "/var/www/.env/local/lib/python2.7/site-packages/django/views/decorators/debug.py" in sensitive_post_parameters_wrapper
  69.             return view(request, *args, **kwargs)
File "/var/www/.env/local/lib/python2.7/site-packages/django/contrib/auth/admin.py" in user_change_password
  125.                 form.save()
File "/var/www/.env/local/lib/python2.7/site-packages/django/contrib/auth/forms.py" in save
  351.         self.user.set_password(self.cleaned_data["password1"])
File "/var/www/.env/local/lib/python2.7/site-packages/django/contrib/auth/models.py" in set_password
  267.         self.password = make_password(raw_password)
File "/var/www/.env/local/lib/python2.7/site-packages/django/contrib/auth/hashers.py" in make_password
  77.     return hasher.encode(password, salt)
File "/var/www/.env/local/lib/python2.7/site-packages/django/contrib/auth/hashers.py" in encode
  278.         data = bcrypt.hashpw(password, salt)

Exception Type: UnicodeEncodeError at /admin/auth/user/1/password/
Exception Value: 'ascii' codec can't encode characters in position 0-3: ordinal not in range(128)

Change History (3)

comment:1 by Claude Paroz, 11 years ago

Owner: changed from nobody to Claude Paroz
Severity: NormalRelease blocker
Triage Stage: UnreviewedAccepted
Type: UncategorizedBug

comment:2 by Claude Paroz <claude@…>, 11 years ago

Resolution: fixed
Status: newclosed

In 0dc3fc954f53d5b03b864e63b309acfdbb40dbf9:

Fixed #19509 -- Fixed crypt/bcrypt non-ascii password encoding

Also systematically added non-ascii passwords in hashers test suite.
Thanks Vaal for the report.

comment:3 by Claude Paroz <claude@…>, 11 years ago

In 3aba929bccde2e25a02861552f438f6f2f88edcc:

[1.5.x] Fixed #19509 -- Fixed crypt/bcrypt non-ascii password encoding

Also systematically added non-ascii passwords in hashers test suite.
Thanks Vaal for the report.
Backport of 0dc3fc954 from master.

Note: See TracTickets for help on using tickets.
Back to Top