From 6e75756d376578d426fb38f492acd8c6c75674f3 Mon Sep 17 00:00:00 2001 From: Ricardo Dias Date: Thu, 22 Mar 2018 12:18:56 +0000 Subject: [PATCH] mgr/dashboard: fixed password generation in Auth controller Fixes: http://tracker.ceph.com/issues/23404 Signed-off-by: Ricardo Dias --- src/pybind/mgr/dashboard/controllers/auth.py | 7 +++---- src/pybind/mgr/dashboard/requirements.txt | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/src/pybind/mgr/dashboard/controllers/auth.py b/src/pybind/mgr/dashboard/controllers/auth.py index 28a2f28f7d36f..1e40d022e2cbb 100644 --- a/src/pybind/mgr/dashboard/controllers/auth.py +++ b/src/pybind/mgr/dashboard/controllers/auth.py @@ -2,7 +2,6 @@ from __future__ import absolute_import import time -import sys import bcrypt import cherrypy @@ -58,9 +57,9 @@ class Auth(RESTController): def password_hash(password, salt_password=None): if not salt_password: salt_password = bcrypt.gensalt() - if sys.version_info > (3, 0): - return bcrypt.hashpw(password, salt_password) - return bcrypt.hashpw(password.encode('utf8'), salt_password) + else: + salt_password = salt_password.encode('utf8') + return bcrypt.hashpw(password.encode('utf8'), salt_password).decode('utf8') @staticmethod def check_auth(): diff --git a/src/pybind/mgr/dashboard/requirements.txt b/src/pybind/mgr/dashboard/requirements.txt index f6191ea385725..4484ed6609a27 100644 --- a/src/pybind/mgr/dashboard/requirements.txt +++ b/src/pybind/mgr/dashboard/requirements.txt @@ -1,6 +1,7 @@ astroid==1.6.1 attrs==17.4.0 backports.functools-lru-cache==1.4 +bcrypt==3.1.4 cheroot==6.0.0 CherryPy==13.1.0 configparser==3.5.0 @@ -21,7 +22,6 @@ pycparser==2.18 pylint==1.8.2 pytest==3.3.2 pytest-cov==2.5.1 -python-bcrypt==0.3.2 pytz==2017.3 requests==2.18.4 singledispatch==3.4.0.3 -- 2.39.5