Opened 6 years ago
Last modified 6 years ago
#29652 closed Bug
BCryptSHA256PasswordHasher fails to encode() — at Version 1
| Reported by: | Jens-Wolfhard Schicke-Uffmann | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.auth | Version: | 2.1 |
| Severity: | Normal | Keywords: | |
| Cc: | Herbert Fortes, Jens-Wolfhard Schicke-Uffmann | Triage Stage: | Accepted |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description (last modified by )
The BCryptSHA256PasswordHasher became more picky in what kind of data it accepts. This broke existing code which subclassed the BCryptSHA256PasswordHasher and hashes the result of some other computation.
#!/usr/bin/env python
from django.contrib.auth.hashers import BCryptSHA256PasswordHasher
hasher = BCryptSHA256PasswordHasher()
hasher.encode('secret', hasher.salt())
results in
Traceback (most recent call last):
File "issue.py", line 6, in <module>
hasher.encode('secret', hasher.salt())
File "/mnt/crypt/drahflow/.virtualenvs/NDA/lib/python3.6/site-packages/django/contrib/auth/hashers.py", line 417, in encode
return "%s$%s" % (self.algorithm, data.decode('ascii'))
AttributeError: 'str' object has no attribute 'decode'
The bug was introduced in: https://github.com/django/django/commit/16c5a334ff3ad9d8b3cd1314562c7af20a2a7c7d
Other hashers might be affected, I didn't check.
Note:
See TracTickets
for help on using tickets.