Fixed #36226 -- Accepted str or bytes for password and salt in password hashers. #19626
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
6 tasks
roelzkie15
force-pushed
the
fix-36226-hasher-encode-with-byte
branch
3 times, most recently
from
28143bd to
fbb93c4
Compare
sarahboyce
reviewed
Jul 14, 2025
There was a problem hiding this comment.
Thank you for the PR
I have a couple of comments
Can you also make @CodemanRichard a co-author of the commit please 👍
roelzkie15
force-pushed
the
fix-36226-hasher-encode-with-byte
branch
from
fbb93c4 to
50c16f9
Compare
Done ✅. Though I'm not sure how to do the co-authoring in git, but I rebased the commit with a message attributing also to @CodemanRichard :) |
roelzkie15
force-pushed
the
fix-36226-hasher-encode-with-byte
branch
from
50c16f9 to
3d7faa9
Compare
roelzkie15
force-pushed
the
fix-36226-hasher-encode-with-byte
branch
from
3d7faa9 to
323e867
Compare
|
Ready for another round of review. |
roelzkie15
force-pushed
the
fix-36226-hasher-encode-with-byte
branch
from
323e867 to
1e52b29
Compare
roelzkie15
commented
Jul 14, 2025
tests/auth_tests/test_hashers.py
Outdated
| with self.assertRaisesMessage(ValueError, msg): | ||
| hasher.encode("password", salt) | ||
|
|
||
| def test_password_str_and_bytes(self): |
There was a problem hiding this comment.
This is what it looks like for this test:
Test for MD5PasswordHasher:
To encode: password=password;salt=SCLshnum1QdOPjfEEWAcBy
Encoded: md5$SCLshnum1QdOPjfEEWAcBy$364c38f9a4c4ab9bc7393c4bc480f890
Verify with: password=password;password_to_verify=password;salt=SCLshnum1QdOPjfEEWAcBy is success
Verify with: password=password;password_to_verify=b'password';salt=SCLshnum1QdOPjfEEWAcBy is success
To encode: password=password;salt=b'qoFwuwsBF3b8a5cPwJgqhC'
Encoded: md5$qoFwuwsBF3b8a5cPwJgqhC$8f46dd5cb579cebd4a93120ddc2a4b3a
Verify with: password=password;password_to_verify=password;salt=b'qoFwuwsBF3b8a5cPwJgqhC' is success
Verify with: password=password;password_to_verify=b'password';salt=b'qoFwuwsBF3b8a5cPwJgqhC' is success
To encode: password=b'password';salt=wlNz9RItlfoiYdKfoSBOO3
Encoded: md5$wlNz9RItlfoiYdKfoSBOO3$d6f7ec580b18062e04de68f3297b3d12
Verify with: password=b'password';password_to_verify=password;salt=wlNz9RItlfoiYdKfoSBOO3 is success
Verify with: password=b'password';password_to_verify=b'password';salt=wlNz9RItlfoiYdKfoSBOO3 is success
To encode: password=b'password';salt=b'jBzICbb1HwDzUDzS3tx6Bu'
Encoded: md5$jBzICbb1HwDzUDzS3tx6Bu$b2442bede21b438fc80563cb466a9d49
Verify with: password=b'password';password_to_verify=password;salt=b'jBzICbb1HwDzUDzS3tx6Bu' is success
Verify with: password=b'password';password_to_verify=b'password';salt=b'jBzICbb1HwDzUDzS3tx6Bu' is success
Test for PBKDF2PasswordHasher:
To encode: password=password;salt=68W37zwTE5pKOcqseVklLC
Encoded: pbkdf2_sha256$1200000$68W37zwTE5pKOcqseVklLC$MBhmV1d5iryOiCjQcWi7Nb7X0XT+m6vKDsymccVlqpM=
Verify with: password=password;password_to_verify=password;salt=68W37zwTE5pKOcqseVklLC is success
Verify with: password=password;password_to_verify=b'password';salt=68W37zwTE5pKOcqseVklLC is success
To encode: password=password;salt=b'6fIKJ1jWQPiwBSSoEAnw0W'
Encoded: pbkdf2_sha256$1200000$6fIKJ1jWQPiwBSSoEAnw0W$LD8WPFYTPc6V4cfmILv05CcZvB9RbUSPgLjx6Qx0ClY=
Verify with: password=password;password_to_verify=password;salt=b'6fIKJ1jWQPiwBSSoEAnw0W' is success
Verify with: password=password;password_to_verify=b'password';salt=b'6fIKJ1jWQPiwBSSoEAnw0W' is success
To encode: password=b'password';salt=Qdt5iKOFYDe1eFObgTexLO
Encoded: pbkdf2_sha256$1200000$Qdt5iKOFYDe1eFObgTexLO$tGj/IaDqeAE+TKcGW/OCBceOumj6iID4IZbnHtdXzSI=
Verify with: password=b'password';password_to_verify=password;salt=Qdt5iKOFYDe1eFObgTexLO is success
Verify with: password=b'password';password_to_verify=b'password';salt=Qdt5iKOFYDe1eFObgTexLO is success
To encode: password=b'password';salt=b'R6jSD0ptcjcwaPTcgZ9kAg'
Encoded: pbkdf2_sha256$1200000$R6jSD0ptcjcwaPTcgZ9kAg$h2akXiTNugCiucdSl0SAzJG4S8lFmpnosud/ut1DB3I=
Verify with: password=b'password';password_to_verify=password;salt=b'R6jSD0ptcjcwaPTcgZ9kAg' is success
Verify with: password=b'password';password_to_verify=b'password';salt=b'R6jSD0ptcjcwaPTcgZ9kAg' is success
Test for PBKDF2SHA1PasswordHasher:
To encode: password=password;salt=p6Y8jqat8vqgoh5XsVhgTV
Encoded: pbkdf2_sha1$1200000$p6Y8jqat8vqgoh5XsVhgTV$lx6fypf1cwvqxNy9zy2faUHAuhE=
Verify with: password=password;password_to_verify=password;salt=p6Y8jqat8vqgoh5XsVhgTV is success
Verify with: password=password;password_to_verify=b'password';salt=p6Y8jqat8vqgoh5XsVhgTV is success
To encode: password=password;salt=b'Aaummmx29Xy2RBFUdTzY2y'
Encoded: pbkdf2_sha1$1200000$Aaummmx29Xy2RBFUdTzY2y$cqYFGuF0Kvkmml1o9mxuPT961Zw=
Verify with: password=password;password_to_verify=password;salt=b'Aaummmx29Xy2RBFUdTzY2y' is success
Verify with: password=password;password_to_verify=b'password';salt=b'Aaummmx29Xy2RBFUdTzY2y' is success
To encode: password=b'password';salt=dkVCevG20RkUdk0aJ656py
Encoded: pbkdf2_sha1$1200000$dkVCevG20RkUdk0aJ656py$kZfe6AKWU7JJxSZUT4uj7UQggLY=
Verify with: password=b'password';password_to_verify=password;salt=dkVCevG20RkUdk0aJ656py is success
Verify with: password=b'password';password_to_verify=b'password';salt=dkVCevG20RkUdk0aJ656py is success
To encode: password=b'password';salt=b'q0bwA0XZroUAKJm1s9s7Dk'
Encoded: pbkdf2_sha1$1200000$q0bwA0XZroUAKJm1s9s7Dk$vjEa4yrqqCLytQC6j5Tydf6foQA=
Verify with: password=b'password';password_to_verify=password;salt=b'q0bwA0XZroUAKJm1s9s7Dk' is success
Verify with: password=b'password';password_to_verify=b'password';salt=b'q0bwA0XZroUAKJm1s9s7Dk' is success
Test for ScryptPasswordHasher:
To encode: password=password;salt=sYXlPqEHNQvskWSMaWIlS8
Encoded: scrypt$16384$sYXlPqEHNQvskWSMaWIlS8$8$5$sYYZF/dpBW21ER94JkXwV0mb1/Rz9AFkM7MvuX0qCjcB2/9idHL++aXJo+YxpwNLlwZ7hWT8RaQLH83OD1ZijA==
Verify with: password=password;password_to_verify=password;salt=sYXlPqEHNQvskWSMaWIlS8 is success
Verify with: password=password;password_to_verify=b'password';salt=sYXlPqEHNQvskWSMaWIlS8 is success
To encode: password=password;salt=b'o43uySb61LeYIblYPO4CT5'
Encoded: scrypt$16384$o43uySb61LeYIblYPO4CT5$8$5$FA4BinLdamShrOvqXMt7ZR+gfR1SCn2sLyg67pRIyoQng3dO+VaB2Lz+hLHZwSnP406yMvfH4/Z8k57z1Auq0w==
Verify with: password=password;password_to_verify=password;salt=b'o43uySb61LeYIblYPO4CT5' is success
Verify with: password=password;password_to_verify=b'password';salt=b'o43uySb61LeYIblYPO4CT5' is success
To encode: password=b'password';salt=iCQcGN1WGw0ZDRidroaswm
Encoded: scrypt$16384$iCQcGN1WGw0ZDRidroaswm$8$5$3H4cNdjrb+bhD+TlfyveYNrBFDqchBQA6aX1v/3lUeCU27D911KU1DjRt616zjQkVVVGo/lXGOkGBs8YzACrgA==
Verify with: password=b'password';password_to_verify=password;salt=iCQcGN1WGw0ZDRidroaswm is success
Verify with: password=b'password';password_to_verify=b'password';salt=iCQcGN1WGw0ZDRidroaswm is success
To encode: password=b'password';salt=b'RQFbBNmeP6x0E6g5fxrI2i'
Encoded: scrypt$16384$RQFbBNmeP6x0E6g5fxrI2i$8$5$Tsf3IoWGbG+qW/pCFXE51E887VEIa5coVN+mY8EsNu2A/qBsgcgzOO4lOxBZXKiits7U62ztY430Y14FehYOvQ==
Verify with: password=b'password';password_to_verify=password;salt=b'RQFbBNmeP6x0E6g5fxrI2i' is success
Verify with: password=b'password';password_to_verify=b'password';salt=b'RQFbBNmeP6x0E6g5fxrI2i' is success
roelzkie15
force-pushed
the
fix-36226-hasher-encode-with-byte
branch
2 times, most recently
from
e7789a0 to
335d0af
Compare
Hello! Here is the documentation on how to add a co-author. You would want to use their author's email address instead of their github profile link. Look through the git log of the previous PR to find the email in the commits. Hope this helps. |
roelzkie15
force-pushed
the
fix-36226-hasher-encode-with-byte
branch
from
335d0af to
6ce4c91
Compare
Awsomeness. I managed to modify the commit with a co-author. Very helpful, thanks! |
roelzkie15
force-pushed
the
fix-36226-hasher-encode-with-byte
branch
2 times, most recently
from
86f7930 to
f7334cc
Compare
…rd hashers. Co-authored-by: Screamadelica <1621456391@sjtu.edu.cn>
sarahboyce
force-pushed
the
fix-36226-hasher-encode-with-byte
branch
from
f7334cc to
3b290b0
Compare
sarahboyce
changed the title
str or bytes for encoding and verifying passwords
sarahboyce
approved these changes
Jul 21, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Trac ticket number
ticket-36226
Branch description
Ensure that all hashers'
.encode()method is flexible to acceptstrorbytesvalue. The returned hashed/encoded value is also verifiable regardless of whether the password provided in the hasher'sverify()method is instrorbytestype.PBKDF2PasswordHasherMD5PasswordHasherPBKDF2PasswordHasherPBKDF2SHA1PasswordHasherScryptPasswordHasherBCryptPasswordHasherBCryptSHA256PasswordHasherArgon2PasswordHasherRelated ticket (inactive?): #19235
Edit: Add support for accepting salt as
strorbyteswhen encoding and verifying passwords.Checklist
mainbranch.