changeset 6669:30d61922f24e
auth: fix crash on invalid bcrypt password
When an invalid password was specified, it would crash with an exception:
  File "kallithea/lib/auth.py", in check_password
    return bcrypt.checkpw(safe_str(password), safe_str(hashed))
ValueError: Invalid hashed_password salt
We do apparently have to catch ValueError and treat it as "invalid password".
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Sun, 11 Jun 2017 15:02:09 +0200 |
parents | b99cd2bc7540 |
children | 7bca124ef278 |
files | kallithea/lib/auth.py |
diffstat | 1 files changed, 7 insertions(+), 1 deletions(-) |
--- a/kallithea/lib/auth.py Sun Jun 11 15:02:09 2017 +0200 +++ b/kallithea/lib/auth.py Sun Jun 11 15:02:09 2017 +0200 @@ -121,7 +121,13 @@ return hashlib.sha256(password).hexdigest() == hashed elif is_unix: import bcrypt - return bcrypt.checkpw(safe_str(password), safe_str(hashed)) + print (safe_str(password), safe_str(hashed)) + try: + return bcrypt.checkpw(safe_str(password), safe_str(hashed)) + except ValueError as e: + # bcrypt will throw ValueError 'Invalid hashed_password salt' on all password errors + log.error('error from bcrypt checking password: %s', e) + return False else: raise Exception('Unknown or unsupported platform %s' \ % __platform__)
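Review bot: The added `print (safe_str(password), safe_str(hashed))` line just before the `try:` writes the plaintext password and the stored hash to stdout on every check in the `is_unix` branch. It looks like leftover debugging and should be dropped from this change. Separately, the comment in the `except ValueError` block says bcrypt raises on all password errors, but a plain mismatch makes `bcrypt.checkpw` return False; the ValueError indicates a hash value that is not valid bcrypt, so the comment should say that.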