Don't error on non-ascii passwords

This commit is contained in:
David Baker 2016-11-03 10:42:14 +00:00
parent 80d5d3baa1
commit 9084720993

View file

@ -653,7 +653,7 @@ class AuthHandler(BaseHandler):
Returns:
Hashed password (str).
"""
return bcrypt.hashpw(password + self.hs.config.password_pepper,
return bcrypt.hashpw(password.encode('utf8') + self.hs.config.password_pepper,
bcrypt.gensalt(self.bcrypt_rounds))
def validate_hash(self, password, stored_hash):