diff options
author | zsloan | 2021-01-14 15:53:53 -0600 |
---|---|---|
committer | zsloan | 2021-01-14 15:53:53 -0600 |
commit | 0bac313ba6a6c4cf04acf230641cc4208a386275 (patch) | |
tree | 48a51ecab3584c3a7c8f204b44834170f4049af4 | |
parent | 355e5337330f57ee173aaf309805ca1b0ec0503c (diff) | |
download | genenetwork2-0bac313ba6a6c4cf04acf230641cc4208a386275.tar.gz |
Added some lines that check if salt is already bytes and convert it if necessary (this is caused by salt being passed to a function as bytes when an account is registered but being passed as a string when logging in)
-rw-r--r-- | wqflask/wqflask/pbkdf2.py | 4 | ||||
-rw-r--r-- | wqflask/wqflask/user_login.py | 6 |
2 files changed, 7 insertions, 3 deletions
diff --git a/wqflask/wqflask/pbkdf2.py b/wqflask/wqflask/pbkdf2.py index aea5b06c..6346df03 100644 --- a/wqflask/wqflask/pbkdf2.py +++ b/wqflask/wqflask/pbkdf2.py @@ -2,15 +2,15 @@ import hashlib from werkzeug.security import safe_str_cmp as ssc - # Replace this because it just wraps around Python3's internal # functions. Added this during migration. def pbkdf2_hex(data, salt, iterations=1000, keylen=24, hashfunc="sha1"): """Wrapper function of python's hashlib.pbkdf2_hmac. """ + dk = hashlib.pbkdf2_hmac(hashfunc, bytes(data, "utf-8"), # password - bytes(salt, "utf-8"), # salt + salt, iterations, keylen) return dk.hex() diff --git a/wqflask/wqflask/user_login.py b/wqflask/wqflask/user_login.py index bc608e84..041f1f11 100644 --- a/wqflask/wqflask/user_login.py +++ b/wqflask/wqflask/user_login.py @@ -39,8 +39,12 @@ def basic_info(): def encode_password(pass_gen_fields, unencrypted_password): + if isinstance(pass_gen_fields['salt'], bytes): + salt = pass_gen_fields['salt'] + else: + salt = bytes(pass_gen_fields['salt'], "utf-8") encrypted_password = pbkdf2.pbkdf2_hex(str(unencrypted_password), - pass_gen_fields['salt'], + salt, pass_gen_fields['iterations'], pass_gen_fields['keylength'], pass_gen_fields['hashfunc']) |