diff options
| author | Tim Graham <timograham@gmail.com> | 2016-02-11 11:57:12 -0500 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2016-02-11 11:57:12 -0500 |
| commit | 926d41f0e74cc7578d71cfe12a970c9309bddfbc (patch) | |
| tree | 03277f899af829d49d39f6b005a9273a19b2a5b7 | |
| parent | 46ecfb9b3a11a360724e3375ba78c33c46d6a992 (diff) | |
Updated some comments for BCryptSHA256PasswordHasher.
| -rw-r--r-- | django/contrib/auth/hashers.py | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py index 046b196181..5136110fa1 100644 --- a/django/contrib/auth/hashers.py +++ b/django/contrib/auth/hashers.py @@ -290,14 +290,11 @@ class BCryptSHA256PasswordHasher(BasePasswordHasher): def encode(self, password, salt): bcrypt = self._load_library() - # Need to reevaluate the force_bytes call once bcrypt is supported on - # Python 3 - - # Hash the password prior to using bcrypt to prevent password truncation - # See: https://code.djangoproject.com/ticket/20138 + # Hash the password prior to using bcrypt to prevent password + # truncation as described in #20138. if self.digest is not None: - # We use binascii.hexlify here because Python3 decided that a hex encoded - # bytestring is somehow a unicode. + # Use binascii.hexlify() because a hex encoded bytestring is + # Unicode on Python 3. password = binascii.hexlify(self.digest(force_bytes(password)).digest()) else: password = force_bytes(password) @@ -310,11 +307,11 @@ class BCryptSHA256PasswordHasher(BasePasswordHasher): assert algorithm == self.algorithm bcrypt = self._load_library() - # Hash the password prior to using bcrypt to prevent password truncation - # See: https://code.djangoproject.com/ticket/20138 + # Hash the password prior to using bcrypt to prevent password + # truncation as described in #20138. if self.digest is not None: - # We use binascii.hexlify here because Python3 decided that a hex encoded - # bytestring is somehow a unicode. + # Use binascii.hexlify() because a hex encoded bytestring is + # Unicode on Python 3. password = binascii.hexlify(self.digest(force_bytes(password)).digest()) else: password = force_bytes(password) |
