Merge pull request #2783 from kinow/fix-1824

Use bcrypt's checkpw instead of == in demo blog app
This commit is contained in:
Ben Darnell 2019-12-08 16:01:27 -05:00 committed by GitHub
commit 74a4ba0b3f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 4 deletions

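--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -266,14 +266,13 @@ class AuthLoginHandler(BaseHandler):
         except NoResultError:
             self.render("login.html", error="email not found")
             return
-        hashed_password = await tornado.ioloop.IOLoop.current().run_in_executor(
+        password_equal = await tornado.ioloop.IOLoop.current().run_in_executor(
             None,
-            bcrypt.hashpw,
+            bcrypt.checkpw,
             tornado.escape.utf8(self.get_argument("password")),
             tornado.escape.utf8(author.hashed_password),
         )
-        hashed_password = tornado.escape.to_unicode(hashed_password)
-        if hashed_password == author.hashed_password:
+        if password_equal:
             self.set_secure_cookie("blogdemo_user", str(author.id))
             self.redirect(self.get_argument("next", "/"))
         else: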
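Review bot: The new `bcrypt.checkpw` call has no handling for the `ValueError` the bcrypt library raises when `author.hashed_password` is not a well-formed bcrypt hash, so a malformed stored row surfaces as an unhandled exception in the request instead of a failed login; `hashpw` behaved the same way on a bad salt, so this is pre-existing, but it deserves either a comment or a narrow `except ValueError` that falls through to the "incorrect password" path. A one-line comment above the `run_in_executor` call would also record why the change matters: `# checkpw extracts the salt and compares in constant time; the old == on hash strings was not constant-time`. Separately, the `except NoResultError` branch still renders a distinct "email not found" message before any bcrypt work runs, so both response content and timing differ for unknown accounts — fine for a demo, but worth a note if this code is ever copied. The enclosing method starts and ends outside the hunk.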