Fixed #21398 -- Fixed BCryptSHA256PasswordHasher with py-bcrypt and Python 3.

Thanks arjan at anymore.nl for the report.

django/contrib/auth/hashers.py

@@ -322,8 +322,10 @@ class BCryptSHA256PasswordHasher(BasePasswordHasher):
 
         # Ensure that our data is a bytestring
         data = force_bytes(data)
+        # force_bytes() necessary for py-bcrypt compatibility
+        hashpw = force_bytes(bcrypt.hashpw(password, data))
 
-        return constant_time_compare(data, bcrypt.hashpw(password, data))
+        return constant_time_compare(data, hashpw)
 
     def safe_summary(self, encoded):
         algorithm, empty, algostr, work_factor, data = encoded.split('$', 4)

docs/releases/1.6.1.txt

@@ -0,0 +1,14 @@
+==========================
+Django 1.6.1 release notes
+==========================
+
+*Under development*
+
+This is Django 1.6.1, a bugfix release for Django 1.6.
+
+...
+
+Bug fixes
+=========
+
+* Fixed ``BCryptSHA256PasswordHasher`` with py-bcrypt and Python 3 (#21398).

docs/releases/index.txt

@@ -30,6 +30,7 @@ Final releases
    :maxdepth: 1
 
    1.6
+   1.6.1
 
 1.5 release
 -----------