use bcrypt.checkpw

checkpw was introduced in bcrypt 3.1.0 (already 2 years ago).
This makes use of it, together with any enhancements it might
bring.

Signed-Off-by: Matthias Kesler <krombel@krombel.de>
pull/2949/head
Krombel 2018-03-05 17:51:09 +01:00
parent d032785aa7
commit ed9b5eced4
2 changed files with 5 additions and 3 deletions


@ -863,8 +863,10 @@ class AuthHandler(BaseHandler):
""" """
def _do_validate_hash(): def _do_validate_hash():
return bcrypt.hashpw(password.encode('utf8') + self.hs.config.password_pepper, return bcrypt.checkpw(
stored_hash.encode('utf8')) == stored_hash password.encode('utf8') + self.hs.config.password_pepper,
stored_hash.encode('utf8')
)
if stored_hash: if stored_hash:
return make_deferred_yieldable(threads.deferToThread(_do_validate_hash)) return make_deferred_yieldable(threads.deferToThread(_do_validate_hash))
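Review bot: The pepper is appended after the password in the first argument to `bcrypt.checkpw`, and bcrypt only reads the first 72 bytes of that input, so for a password of 72 or more UTF-8 bytes the pepper plays no part in the comparison. The concatenation has to stay in step with the hashing side, which is not visible in this hunk, so the change I would make here is a comment above the call, `# bcrypt reads only the first 72 bytes; a long password pushes the pepper out of the checked input`, plus a length limit wherever passwords are set. `password.encode('utf8') + self.hs.config.password_pepper` also assumes the pepper is already a byte string, which cannot be confirmed from these lines. The enclosing method starts above the hunk and the branch for an empty `stored_hash` falls below it.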


@ -31,7 +31,7 @@ REQUIREMENTS = {
"pyyaml": ["yaml"], "pyyaml": ["yaml"],
"pyasn1": ["pyasn1"], "pyasn1": ["pyasn1"],
"daemonize": ["daemonize"], "daemonize": ["daemonize"],
"bcrypt": ["bcrypt"], "bcrypt": ["bcrypt>=3.1.0"],
"pillow": ["PIL"], "pillow": ["PIL"],
"pydenticon": ["pydenticon"], "pydenticon": ["pydenticon"],
"ujson": ["ujson"], "ujson": ["ujson"],