From 0bac313ba6a6c4cf04acf230641cc4208a386275 Mon Sep 17 00:00:00 2001
From: zsloan
Date: Thu, 14 Jan 2021 15:53:53 -0600
Subject: Added some lines that check if salt is already bytes and convert it if necessary (this is caused by salt being passed to a function as bytes when an account is registered but being passed as a string when logging in)
---
 wqflask/wqflask/pbkdf2.py | 4 ++--
 wqflask/wqflask/user_login.py | 6 +++++-
 2 files changed, 7 insertions(+), 3 deletions(-)
(limited to 'wqflask')
diff --git a/wqflask/wqflask/pbkdf2.py b/wqflask/wqflask/pbkdf2.py
index aea5b06c..6346df03 100644
--- a/wqflask/wqflask/pbkdf2.py
+++ b/wqflask/wqflask/pbkdf2.py
@@ -2,15 +2,15 @@ import hashlib from werkzeug.security import safe_str_cmp as ssc - # Replace this because it just wraps around Python3's internal # functions. Added this during migration. def pbkdf2_hex(data, salt, iterations=1000, keylen=24, hashfunc="sha1"): """Wrapper function of python's hashlib.pbkdf2_hmac. """ + dk = hashlib.pbkdf2_hmac(hashfunc, bytes(data, "utf-8"), # password - bytes(salt, "utf-8"), # salt + salt, iterations, keylen) return dk.hex()
diff --git a/wqflask/wqflask/user_login.py b/wqflask/wqflask/user_login.py
index bc608e84..041f1f11 100644
--- a/wqflask/wqflask/user_login.py
+++ b/wqflask/wqflask/user_login.py
@@ -39,8 +39,12 @@ def basic_info(): def encode_password(pass_gen_fields, unencrypted_password): + if isinstance(pass_gen_fields['salt'], bytes): + salt = pass_gen_fields['salt'] + else: + salt = bytes(pass_gen_fields['salt'], "utf-8") encrypted_password = pbkdf2.pbkdf2_hex(str(unencrypted_password), - pass_gen_fields['salt'], + salt, pass_gen_fields['iterations'], pass_gen_fields['keylength'], pass_gen_fields['hashfunc'])
-- 
cgit v1.2.3
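Review bot: pbkdf2_hex in pbkdf2.py now hands `salt` straight to hashlib.pbkdf2_hmac, so any caller that still passes a str salt raises TypeError, and neither the signature nor the docstring says bytes are required. The str-to-bytes normalisation would be safer inside this function than in one caller (encode_password in user_login.py is the only caller this commit updates): `if isinstance(salt, str): salt = salt.encode("utf-8")` before the pbkdf2_hmac call, with the docstring stating the accepted types. Separately, the context lines show defaults of 1000 iterations and SHA-1, well below current PBKDF2 guidance. The caller visible in this commit passes its own values, but the defaults are worth raising or removing so that a bare call cannot produce a weak hash.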
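Review bot: The new isinstance branch in encode_password (user_login.py) lets both call paths run, but it does not establish that the login path reproduces the bytes used at registration: `bytes(pass_gen_fields['salt'], "utf-8")` only matches if the stored string is a lossless UTF-8 rendering of the original salt. The registration and storage code is outside this diff, so this is unverified from here; if the salt is random bytes stored as base64, hex or a repr, the derived hash will differ and valid logins will be rejected. Decoding the salt once where the record is loaded, from one explicit text encoding, would take the type check out of the hashing path, and a register-then-verify round-trip test would pin the behaviour. The same str/bytes hazard applies to `str(unencrypted_password)` on the following line, which turns a bytes password into the text `b'...'`. encode_password continues past the end of the hunk.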