summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2016-02-11 11:57:12 -0500
committerTim Graham <timograham@gmail.com>2016-02-11 11:57:12 -0500
commit926d41f0e74cc7578d71cfe12a970c9309bddfbc (patch)
tree03277f899af829d49d39f6b005a9273a19b2a5b7
parent46ecfb9b3a11a360724e3375ba78c33c46d6a992 (diff)
Updated some comments for BCryptSHA256PasswordHasher.
-rw-r--r--django/contrib/auth/hashers.py19
1 files changed, 8 insertions, 11 deletions
diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py
index 046b196181..5136110fa1 100644
--- a/django/contrib/auth/hashers.py
+++ b/django/contrib/auth/hashers.py
@@ -290,14 +290,11 @@ class BCryptSHA256PasswordHasher(BasePasswordHasher):
def encode(self, password, salt):
bcrypt = self._load_library()
- # Need to reevaluate the force_bytes call once bcrypt is supported on
- # Python 3
-
- # Hash the password prior to using bcrypt to prevent password truncation
- # See: https://code.djangoproject.com/ticket/20138
+ # Hash the password prior to using bcrypt to prevent password
+ # truncation as described in #20138.
if self.digest is not None:
- # We use binascii.hexlify here because Python3 decided that a hex encoded
- # bytestring is somehow a unicode.
+ # Use binascii.hexlify() because a hex encoded bytestring is
+ # Unicode on Python 3.
password = binascii.hexlify(self.digest(force_bytes(password)).digest())
else:
password = force_bytes(password)
@@ -310,11 +307,11 @@ class BCryptSHA256PasswordHasher(BasePasswordHasher):
assert algorithm == self.algorithm
bcrypt = self._load_library()
- # Hash the password prior to using bcrypt to prevent password truncation
- # See: https://code.djangoproject.com/ticket/20138
+ # Hash the password prior to using bcrypt to prevent password
+ # truncation as described in #20138.
if self.digest is not None:
- # We use binascii.hexlify here because Python3 decided that a hex encoded
- # bytestring is somehow a unicode.
+ # Use binascii.hexlify() because a hex encoded bytestring is
+ # Unicode on Python 3.
password = binascii.hexlify(self.digest(force_bytes(password)).digest())
else:
password = force_bytes(password)