Use bcrypt's built-in function for checking the password hash

bliepp · bliepp · commit 35ae21e3d4ad · 2023-11-22T20:12:26.000+01:00
diff --git a/flask_bcrypt.py b/flask_bcrypt.py
@@ -221,5 +221,5 @@ def check_password_hash(self, pw_hash, password):
         if self._handle_long_passwords:
             password = hashlib.sha256(password).hexdigest()
             password = self._unicode_to_bytes(password)
-
-        return hmac.compare_digest(bcrypt.hashpw(password, pw_hash), pw_hash)
+        
+        return bcrypt.checkpw(password, pw_hash)
