summary refs log tree commit diff
path: root/synapse/handlers/auth.py
diff options
context:
space:
mode:
authorErik Johnston <erik@matrix.org>2016-07-06 14:46:31 +0100
committerErik Johnston <erik@matrix.org>2016-07-06 14:46:31 +0100
commita17e7caeb708f267e8ac2b18404a098e90792834 (patch)
tree2dee0e30691c1a9fd30ee9d674c8c5a6cfe7e7de /synapse/handlers/auth.py
parentAdd ReadWriteLock for pagination and history prune (diff)
parentCheck that there are no null bytes in user and passsword (diff)
downloadsynapse-a17e7caeb708f267e8ac2b18404a098e90792834.tar.xz
Merge branch 'erikj/shared_secret' into erikj/test2
Diffstat (limited to 'synapse/handlers/auth.py')
-rw-r--r--synapse/handlers/auth.py6
1 files changed, 4 insertions, 2 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 968095c141..e259213a36 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -750,7 +750,8 @@ class AuthHandler(BaseHandler):
         Returns:
             Hashed password (str).
         """
-        return bcrypt.hashpw(password, bcrypt.gensalt(self.bcrypt_rounds))
+        return bcrypt.hashpw(password + self.hs.config.password_pepper,
+                             bcrypt.gensalt(self.bcrypt_rounds))
 
     def validate_hash(self, password, stored_hash):
         """Validates that self.hash(password) == stored_hash.
@@ -763,6 +764,7 @@ class AuthHandler(BaseHandler):
             Whether self.hash(password) == stored_hash (bool).
         """
         if stored_hash:
-            return bcrypt.hashpw(password, stored_hash.encode('utf-8')) == stored_hash
+            return bcrypt.hashpw(password + self.hs.config.password_pepper,
+                                 stored_hash.encode('utf-8')) == stored_hash
         else:
             return False