Mercurial > kallithea

--- a/kallithea/lib/auth.py	Sun Jun 11 15:02:09 2017 +0200
+++ b/kallithea/lib/auth.py	Sun Jun 11 15:02:09 2017 +0200
@@ -121,7 +121,13 @@
         return hashlib.sha256(password).hexdigest() == hashed
     elif is_unix:
         import bcrypt
-        return bcrypt.checkpw(safe_str(password), safe_str(hashed))
+        print (safe_str(password), safe_str(hashed))
+        try:
+            return bcrypt.checkpw(safe_str(password), safe_str(hashed))
+        except ValueError as e:
+            # bcrypt will throw ValueError 'Invalid hashed_password salt' on all password errors
+            log.error('error from bcrypt checking password: %s', e)
+            return False
     else:
         raise Exception('Unknown or unsupported platform %s' \
                         % __platform__)