Use bcrypt's built-in function for checking the password hash

maxcountryman · Nov 22, 2023 · 35ae21e · 35ae21e
1 parent d906452
commit 35ae21e
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/flask_bcrypt.py b/flask_bcrypt.py
@@ -221,5 +221,5 @@ def check_password_hash(self, pw_hash, password):
         if self._handle_long_passwords:
             password = hashlib.sha256(password).hexdigest()
             password = self._unicode_to_bytes(password)
-
-        return hmac.compare_digest(bcrypt.hashpw(password, pw_hash), pw_hash)
+        
+        return bcrypt.checkpw(password, pw_hash)