Added some lines that check if salt is already bytes and convert it if necessary (this is caused by salt being passed to a function as bytes when an account is registered but being passed as a string when logging in)

2 files changed, 7 insertions, 3 deletions

diff --git a/wqflask/wqflask/pbkdf2.py b/wqflask/wqflask/pbkdf2.py
index aea5b06c..6346df03 100644
--- a/wqflask/wqflask/pbkdf2.py
+++ b/wqflask/wqflask/pbkdf2.py
@@ -2,15 +2,15 @@ import hashlib
 
 from werkzeug.security import safe_str_cmp as ssc
 
-
 # Replace this because it just wraps around Python3's internal
 # functions. Added this during migration.
 def pbkdf2_hex(data, salt, iterations=1000, keylen=24, hashfunc="sha1"):
     """Wrapper function of python's hashlib.pbkdf2_hmac.
     """
+
     dk = hashlib.pbkdf2_hmac(hashfunc,
                              bytes(data, "utf-8"),  # password
-                             bytes(salt, "utf-8"),  # salt
+                             salt,
                              iterations,
                              keylen)
     return dk.hex()
diff --git a/wqflask/wqflask/user_login.py b/wqflask/wqflask/user_login.py
index bc608e84..041f1f11 100644
--- a/wqflask/wqflask/user_login.py
+++ b/wqflask/wqflask/user_login.py
@@ -39,8 +39,12 @@ def basic_info():
 
 
 def encode_password(pass_gen_fields, unencrypted_password):
+    if isinstance(pass_gen_fields['salt'], bytes):
+        salt = pass_gen_fields['salt']
+    else:
+        salt = bytes(pass_gen_fields['salt'], "utf-8")
     encrypted_password = pbkdf2.pbkdf2_hex(str(unencrypted_password), 
-                                           pass_gen_fields['salt'], 
+                                           salt,
                                            pass_gen_fields['iterations'], 
                                            pass_gen_fields['keylength'], 
                                            pass_gen_fields['hashfunc'])