Opened 7 years ago

Closed 3 years ago

#5549 closed defect (no-action)

python3 password check does not work

Reported by: Marco Strigl Owned by:
Priority: major Milestone:
Component: programming Keywords:
Cc: Parent Tickets:


I have a installation of mediagoblin on openSUSE Tumbleweed.
I run python3.

Everything runs fine until I logout. I am not able to login, because the stored_hash seems not to be encoded.

If I print the stored_hash I get:

In python3-bcrypto the following check raises the error:
if isinstance(password, six.text_type) or isinstance(salt, six.text_type):

And the traceback attached:

Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/waitress-1.1.0-py3.6.egg/waitress/", line 338, in service
  File "/usr/lib/python3.6/site-packages/waitress-1.1.0-py3.6.egg/waitress/", line 169, in service
  File "/usr/lib/python3.6/site-packages/waitress-1.1.0-py3.6.egg/waitress/", line 399, in execute
    app_iter =, start_response)
  File "/srv/", line 342, in __call__
    return self.call_backend(environ, start_response)
  File "/srv/", line 600, in __call__
    return, start_response)
  File "/srv/", line 276, in call_backend
    return self._finish_call_backend(request, environ, start_response)
  File "/srv/", line 318, in _finish_call_backend
    response = controller(request)
  File "/srv/", line 367, in wrapper
    return controller(request, *args, **kwargs)
  File "/srv/", line 93, in login
  File "/srv/", line 167, in check_login_simple
    if not auth.check_password(password, user.pw_hash):
  File "/srv/", line 43, in check_password
    raw_pass, stored_hash, extra_salt)
  File "/srv/", line 308, in hook_handle
    result = callable(*args, **kwargs)
  File "/srv/", line 92, in check_password
    stored_hash, extra_salt)
  File "/srv/", line 45, in bcrypt_check_password
    hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash)
  File "/usr/lib64/python3.6/site-packages/bcrypt/", line 65, in hashpw
    raise TypeError("Unicode-objects must be encoded before hashing")
TypeError: Unicode-objects must be encoded before hashing

Attachments (1)

fix_hash (551 bytes ) - added by Marco Strigl 7 years ago.

Download all attachments as: .zip

Change History (6)

comment:1 by Marco Strigl, 7 years ago

I managed to fix it with this patch:

***    2017-11-13 14:29:18.255113996 +0100
--- tools.py_fix        2017-11-13 14:30:17.505473997 +0100
*** 68,75 ****
      if extra_salt:
          raw_pass = u"%s:%s" % (extra_salt, raw_pass)
!     return six.text_type(
!         bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()))
  def fake_login_attempt():
--- 68,74 ----
      if extra_salt:
          raw_pass = u"%s:%s" % (extra_salt, raw_pass)
!     return bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt())
  def fake_login_attempt():

But I am not sure that this breaks nothing for python2.

by Marco Strigl, 7 years ago

Attachment: fix_hash added

comment:2 by Marco Strigl, 7 years ago

I tested master with python2.7 and I get the same error (without the applied patch):

File "/usr/lib64/python2.7/site-packages/bcrypt/", line 62, in hashpw
    raise TypeError("Unicode-objects must be encoded before hashing")
TypeError: Unicode-objects must be encoded before hashing

I applied above patch. Still no success. With the following code in plugins/basic_auth/ it works (together with the patch above):

if isinstance(stored_hash, six.text_type):
        stored_hash = stored_hash.encode('utf-8')

comment:3 by Marco Strigl, 7 years ago

I found the underlying problem:
I am not using a virtualenv and therefore installed the dependencies myself.

I accidentally installed bcrypt instead of py-bcrypt. And this cause the problem.
My patch allows bcrypt and py-bcrypt compatibility.

Perhaps bycrypt should be used anyway, because the last change to py-bcrypt was in 2013-08-25.

comment:4 by Ben Sturmfels, 5 years ago

Thanks Marco, glad you were able to figure it out. Sounds like it could be worth switching from py-bcrypt to bcrypt. On the other hand though, old software isn't necessarily bad, especially if it's something specific like a hashing library.

Would you mind attaching a patch file as explained here:

eg. git format-patch --stdout <remote>/master > issue_<number>.patch

comment:5 by Ben Sturmfels, 3 years ago

Resolution: no-action-required
Status: newclosed

Closing this ticket as Marco's issue was related to having an incorrect dependency installed.

Note: See TracTickets for help on using tickets.