Opened 6 years ago

Last modified 6 years ago

#29652 closed Bug

BCryptSHA256PasswordHasher fails to encode() — at Version 3

Reported by: Jens-Wolfhard Schicke-Uffmann Owned by: nobody
Component: contrib.auth Version: 2.1
Severity: Normal Keywords:
Cc: Herbert Fortes, Jens-Wolfhard Schicke-Uffmann Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description (last modified by Jens-Wolfhard Schicke-Uffmann)

The BCryptSHA256PasswordHasher tries to decode the result of bcrypt.hashpw, which however is already a str (and not bytes).

#!/usr/bin/env python

from django.contrib.auth.hashers import BCryptSHA256PasswordHasher

hasher = BCryptSHA256PasswordHasher()
hasher.encode('secret', hasher.salt())

results in

Traceback (most recent call last):
  File "issue.py", line 6, in <module>
    hasher.encode('secret', hasher.salt())
  File "/mnt/crypt/drahflow/.virtualenvs/NDA/lib/python3.6/site-packages/django/contrib/auth/hashers.py", line 417, in encode
    return "%s$%s" % (self.algorithm, data.decode('ascii'))
AttributeError: 'str' object has no attribute 'decode'

The bug was introduced in: https://github.com/django/django/commit/16c5a334ff3ad9d8b3cd1314562c7af20a2a7c7d
Other hashers might be affected, I didn't check.

Change History (3)

comment:1 by Jens-Wolfhard Schicke-Uffmann, 6 years ago

Description: modified (diff)

comment:2 by Herbert Fortes, 6 years ago

Cc: Herbert Fortes added

comment:3 by Jens-Wolfhard Schicke-Uffmann, 6 years ago

Description: modified (diff)
Note: See TracTickets for help on using tickets.
Back to Top