#31719 closed Bug (invalid)
Remaining data.decode('ascii') @ hashers.py, but data is a str
Reported by: | Marcel Nogueira d' Eurydice | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | 3.0 |
Severity: | Normal | Keywords: | string, decode, python3 |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
BCryptSHA256PasswordHasher class method enconde tries to decode data, but data is a str. In Python3 a str instance does not have a decode method.
def encode(self, password, salt): bcrypt = self._load_library() password = password.encode() # Hash the password prior to using bcrypt to prevent password # truncation as described in #20138. if self.digest is not None: # Use binascii.hexlify() because a hex encoded bytestring is str. password = binascii.hexlify(self.digest(password).digest()) data = bcrypt.hashpw(password, salt) return "%s$%s" % (self.algorithm, data.decode('ascii'))
the return statement should be
return "%s$%s" % (self.algorithm, data)
Change History (6)
comment:1 by , 4 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
comment:2 by , 4 years ago
I'm facing the same issue. And tried to check type but I got str. I don't know why though..
import bcrypt type(bcrypt.hashpw(b'password', bcrypt.gensalt())) <class 'str'>
follow-up: 4 comment:3 by , 4 years ago
naohide, probably because you're using Python 2 which is not supported.
comment:4 by , 4 years ago
Replying to felixxm:
naohide, probably because you're using Python 2 which is not supported.
I'm using Python3.8.5.
follow-up: 6 comment:5 by , 4 years ago
I checked _bcrypt.py and this might be the reason. I'm using https://pypi.org/project/py-bcrypt/ and called this package's bcrypt.
What do you guys use normally?
# encoding: utf-8
# module bcrypt._bcrypt
# from /.virtualenvs/project/lib/python3.8/site-packages/bcrypt/_bcrypt.cpython-38-darwin.so
# by generator 1.145
""" Internal module used by bcrypt. """
comment:6 by , 4 years ago
Replying to naohide:
I checked _bcrypt.py and this might be the reason. I'm using https://pypi.org/project/py-bcrypt/ and called this package's bcrypt.
What do you guys use normally?
# encoding: utf-8
# module bcrypt._bcrypt
# from /.virtualenvs/project/lib/python3.8/site-packages/bcrypt/_bcrypt.cpython-38-darwin.so
# by generator 1.145
""" Internal module used by bcrypt. """
got it. I changed py-bcrypt to https://pypi.org/project/bcrypt/ and worked fine for me!
bcrypt.hashpw
returnsbytes
(and notstr
) which do have a.decode
method and its usage is necessary for the string interpolation into"%s$%s"
to work properly.