Opened 19 months ago

Closed 19 months ago

Last modified 19 months ago

#19509 closed Bug (fixed)

UnicodeEncodeError on bcrypt passwords with cyrillic

Reported by: Vaal
Owned by: claudep
Component: contrib.auth
Version: 1.5-beta-1
Severity: Release blocker
Keywords:
Cc:
Triage Stage: Accepted
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

I think there are problems with other non-standard characters as well.
Perhaps this is a bug in py-bcrypt, but the documentation recommends using this library.
P.S. For now I convert the string password to UTF in a custom hasher.

Environment:

Request Method: POST
Request URL: http://192.168.0.10:8000/admin/auth/user/1/password/

Django Version: 1.5b2
Python Version: 2.7.3
Installed Applications:
('django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.sites',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.admin')
Installed Middleware:
('django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware')

Traceback:
File "/var/www/.env/local/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
  116.                         response = callback(request, *callback_args, **callback_kwargs)
File "/var/www/.env/local/lib/python2.7/site-packages/django/utils/decorators.py" in _wrapped_view
  91.                     response = view_func(request, *args, **kwargs)
File "/var/www/.env/local/lib/python2.7/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
  89.         response = view_func(request, *args, **kwargs)
File "/var/www/.env/local/lib/python2.7/site-packages/django/contrib/admin/sites.py" in inner
  202.             return view(request, *args, **kwargs)
File "/var/www/.env/local/lib/python2.7/site-packages/django/views/decorators/debug.py" in sensitive_post_parameters_wrapper
  69.             return view(request, *args, **kwargs)
File "/var/www/.env/local/lib/python2.7/site-packages/django/contrib/auth/admin.py" in user_change_password
  125.                 form.save()
File "/var/www/.env/local/lib/python2.7/site-packages/django/contrib/auth/forms.py" in save
  351.         self.user.set_password(self.cleaned_data["password1"])
File "/var/www/.env/local/lib/python2.7/site-packages/django/contrib/auth/models.py" in set_password
  267.         self.password = make_password(raw_password)
File "/var/www/.env/local/lib/python2.7/site-packages/django/contrib/auth/hashers.py" in make_password
  77.     return hasher.encode(password, salt)
File "/var/www/.env/local/lib/python2.7/site-packages/django/contrib/auth/hashers.py" in encode
  278.         data = bcrypt.hashpw(password, salt)

Exception Type: UnicodeEncodeError at /admin/auth/user/1/password/
Exception Value: 'ascii' codec can't encode characters in position 0-3: ordinal not in range(128)

Change History (3)

comment:1 Changed 19 months ago by claudep

  • Needs documentation unset
  • Needs tests unset
  • Owner changed from nobody to claudep
  • Patch needs improvement unset
  • Severity changed from Normal to Release blocker
  • Triage Stage changed from Unreviewed to Accepted
  • Type changed from Uncategorized to Bug

comment:2 Changed 19 months ago by Claude Paroz <claude@…>

  • Resolution set to fixed
  • Status changed from new to closed

In 0dc3fc954f53d5b03b864e63b309acfdbb40dbf9:

Fixed #19509 -- Fixed crypt/bcrypt non-ascii password encoding

Also systematically added non-ascii passwords in hashers test suite.
Thanks Vaal for the report.

comment:3 Changed 19 months ago by Claude Paroz <claude@…>

In 3aba929bccde2e25a02861552f438f6f2f88edcc:

[1.5.x] Fixed #19509 -- Fixed crypt/bcrypt non-ascii password encoding

Also systematically added non-ascii passwords in hashers test suite.
Thanks Vaal for the report.
Backport of 0dc3fc954 from master.
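
The failure reported in this ticket and the explicit-encoding approach, as an added example (not Django's code and not the committed patch). PBKDF2 from the standard library stands in for `bcrypt.hashpw` so the block runs without py-bcrypt; the function names, the encoded-hash layout and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 100_000          # constructed work factor for this example
SAMPLE_PASSWORD = "тест"      # constructed 4-character Cyrillic password


def implicit_ascii(password):
    """Mimic Python 2 handing a unicode string to a bytes-only API:
    the implicit conversion uses the ASCII codec and fails on Cyrillic."""
    return password.encode("ascii")


def to_bytes(password):
    """Encode text explicitly as UTF-8; pass bytes through unchanged."""
    if isinstance(password, bytes):
        return password
    return password.encode("utf-8")


def make_hash(password, salt=None):
    """Hash a password given as text or bytes (PBKDF2 stands in for bcrypt)."""
    if salt is None:
        salt = base64.b64encode(os.urandom(12)).decode("ascii")
    digest = hashlib.pbkdf2_hmac(
        "sha256", to_bytes(password), salt.encode("ascii"), ITERATIONS
    )
    encoded_digest = base64.b64encode(digest).decode("ascii")
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt, encoded_digest)


def check(password, encoded):
    """Re-hash with the stored salt and compare in constant time.
    The same encoding must be applied here as at hash time, otherwise
    non-ASCII passwords would be stored but never verify."""
    salt = encoded.split("$")[2]
    return hmac.compare_digest(make_hash(password, salt), encoded)


if __name__ == "__main__":
    try:
        implicit_ascii(SAMPLE_PASSWORD)
    except UnicodeEncodeError as exc:
        print("implicit conversion fails:", exc)
    stored = make_hash(SAMPLE_PASSWORD)
    print("explicit UTF-8 verifies:", check(SAMPLE_PASSWORD, stored))
```
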
