# HG changeset patch
# User Mads Kiilerich
# Date 1497186129 -7200
# Node ID 30d61922f24eb144190052818c3fc6a24562f42b
# Parent b99cd2bc7540bfde8f017ae0b8e7519e4d937365
auth: fix crash on invalid bcrypt password When an invalid password was specified, it would with an exception: File "kallithea/lib/auth.py", in check_password return bcrypt.checkpw(safe_str(password), safe_str(hashed)) ValueError: Invalid hashed_password salt We do apparently have to catch ValueError and treat it as "invalid password".
diff -r b99cd2bc7540 -r 30d61922f24e kallithea/lib/auth.py
--- a/kallithea/lib/auth.py Sun Jun 11 15:02:09 2017 +0200
+++ b/kallithea/lib/auth.py Sun Jun 11 15:02:09 2017 +0200
@@ -121,7 +121,13 @@
 return hashlib.sha256(password).hexdigest() == hashed
 elif is_unix:
 import bcrypt
- return bcrypt.checkpw(safe_str(password), safe_str(hashed))
+ print (safe_str(password), safe_str(hashed))
+ try:
+ return bcrypt.checkpw(safe_str(password), safe_str(hashed))
+ except ValueError as e:
+ # bcrypt will throw ValueError 'Invalid hashed_password salt' on all password errors
+ log.error('error from bcrypt checking password: %s', e)
+ return False
 else:
 raise Exception('Unknown or unsupported platform %s' \
 % __platform__)
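Review bot: The added `print (safe_str(password), safe_str(hashed))` on the first `+` line writes the cleartext password and its stored bcrypt hash to stdout on every check, which lands in whatever captures the process output (console, service log, log shipping); it reads as a leftover debug line and should be removed, as it is unrelated to the ValueError fix the commit describes. The `try`/`except ValueError` itself addresses the stated crash, but note that `log.error(...)` at error level turns every malformed stored hash into an error-level entry, so `log.warning` or `log.debug` may be more proportionate depending on how the project uses these levels. The `except` currently treats any ValueError as "invalid password"; if bcrypt can raise ValueError for reasons other than a bad hash, the comment should say the distinction is intentionally not made. The enclosing `check_password` function starts and the `is_unix` condition is set outside this hunk.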