Fix comment on bcrypt and avoid hard-coding 29 as the salt length
Change-Id: Ifc78535ea79e071b7953769ff26eed8ecf666dc2
parent
524d3d1c41
commit
26655dc7b7
|
@ -151,15 +151,14 @@ def hash_password(password):
|
|||
def check_password(password, hashed):
|
||||
"""Check that a plaintext password matches hashed.
|
||||
|
||||
Due to the way bcrypt works, hashing a password with the hashed
|
||||
version of that password as salt will return the hashed version
|
||||
of that password (mostly). Neat!
|
||||
hashpw returns the salt value concatenated with the actual hash value.
|
||||
It extracts the actual salt if this value is then passed as the salt.
|
||||
|
||||
"""
|
||||
if password is None:
|
||||
return False
|
||||
password_utf8 = password.encode('utf-8')
|
||||
check = bcrypt.hashpw(password_utf8, hashed[:29])
|
||||
check = bcrypt.hashpw(password_utf8, hashed)
|
||||
return check == hashed
|
||||
|
||||
|
||||
|
|
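Review bot: `return check == hashed` at the end of check_password compares the recomputed bcrypt value with the stored one using ordinary equality, which is not guaranteed to run in constant time. For a credential check the usual form is `return hmac.compare_digest(check, hashed)`; this needs `import hmac`, and both arguments must have the same type, which the hunk does not show. Separately, only `password is None` is guarded: because the whole `hashed` value is now passed to `bcrypt.hashpw` as the salt, a missing or malformed stored hash would presumably raise from hashpw instead of returning `False`, so either catch that and return False or state it in the docstring. If the installed bcrypt package provides `checkpw`, calling it would cover both the salt extraction and the comparison.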