aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorzsloan2021-01-14 15:53:53 -0600
committerzsloan2021-01-14 15:53:53 -0600
commit0bac313ba6a6c4cf04acf230641cc4208a386275 (patch)
tree48a51ecab3584c3a7c8f204b44834170f4049af4
parent355e5337330f57ee173aaf309805ca1b0ec0503c (diff)
downloadgenenetwork2-0bac313ba6a6c4cf04acf230641cc4208a386275.tar.gz
Added some lines that check if salt is already bytes and convert it if necessary (this is caused by salt being passed to a function as bytes when an account is registered but being passed as a string when logging in)
-rw-r--r--wqflask/wqflask/pbkdf2.py4
-rw-r--r--wqflask/wqflask/user_login.py6
2 files changed, 7 insertions, 3 deletions
diff --git a/wqflask/wqflask/pbkdf2.py b/wqflask/wqflask/pbkdf2.py
index aea5b06c..6346df03 100644
--- a/wqflask/wqflask/pbkdf2.py
+++ b/wqflask/wqflask/pbkdf2.py
@@ -2,15 +2,15 @@ import hashlib
from werkzeug.security import safe_str_cmp as ssc
-
# Replace this because it just wraps around Python3's internal
# functions. Added this during migration.
def pbkdf2_hex(data, salt, iterations=1000, keylen=24, hashfunc="sha1"):
"""Wrapper function of python's hashlib.pbkdf2_hmac.
"""
+
dk = hashlib.pbkdf2_hmac(hashfunc,
bytes(data, "utf-8"), # password
- bytes(salt, "utf-8"), # salt
+ salt,
iterations,
keylen)
return dk.hex()
diff --git a/wqflask/wqflask/user_login.py b/wqflask/wqflask/user_login.py
index bc608e84..041f1f11 100644
--- a/wqflask/wqflask/user_login.py
+++ b/wqflask/wqflask/user_login.py
@@ -39,8 +39,12 @@ def basic_info():
def encode_password(pass_gen_fields, unencrypted_password):
+ if isinstance(pass_gen_fields['salt'], bytes):
+ salt = pass_gen_fields['salt']
+ else:
+ salt = bytes(pass_gen_fields['salt'], "utf-8")
encrypted_password = pbkdf2.pbkdf2_hex(str(unencrypted_password),
- pass_gen_fields['salt'],
+ salt,
pass_gen_fields['iterations'],
pass_gen_fields['keylength'],
pass_gen_fields['hashfunc'])