changeset 7121:fefd7279e798 stable

login: fix crash when entering non-ASCII password for login (Issue #300). Avoid errors like "UnicodeEncodeError: 'ascii' codec can't encode characters in position X: ordinal not in range(128)" when the user enters non-ASCII passwords for existing internal accounts in the login prompt. The password forms have "always" rejected non-ASCII passwords with "Invalid characters (non-ASCII) in password".
author Mads Kiilerich <mads@kiilerich.com>
date Mon, 15 Jan 2018 00:34:13 +0100
parents 9b9258f5e2b2
children 70b2a828bf1e
files kallithea/lib/auth.py kallithea/tests/functional/test_login.py
diffstat 2 files changed, 12 insertions(+), 0 deletions(-) [+]
--- a/kallithea/lib/auth.py	Wed Jul 26 20:23:13 2017 +0200
+++ b/kallithea/lib/auth.py	Mon Jan 15 00:34:13 2018 +0100
@@ -122,6 +122,11 @@
         :param hashed: password in hashed form
         """
 
+        try:
+            password = str(password)
+        except UnicodeEncodeError:
+            log.warning('rejecting non-ascii password')
+            return False
         if is_windows:
             return hashlib.sha256(password).hexdigest() == hashed
         elif is_unix:
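Review bot: The new `try` block at the top of this hunk relies on `str()` applying the implicit ASCII codec (Python 2 behaviour, judging by the `UnicodeEncodeError` it catches), and `str()` also turns a non-string value such as `None` into a string that is then hashed rather than rejected. A comment would make the fail-closed intent explicit, for example `# stored hashes only ever come from ASCII passwords (the forms reject others), so a non-ASCII candidate cannot match: fail closed instead of raising`. The docstring, which starts outside the hunk, should also state that non-ASCII input returns False. The warning rightly keeps the password value out of the log, and it should stay that way. Separately, the unchanged Windows branch compares an unsalted SHA-256 hex digest with `==`, which is outside this change but worth a follow-up.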
--- a/kallithea/tests/functional/test_login.py	Wed Jul 26 20:23:13 2017 +0200
+++ b/kallithea/tests/functional/test_login.py	Mon Jan 15 00:34:13 2018 +0100
@@ -133,6 +133,13 @@
 
         response.mustcontain('Invalid username or password')
 
+    def test_login_non_ascii(self):
+        response = self.app.post(url(controller='login', action='index'),
+                                 {'username': TEST_USER_REGULAR_LOGIN,
+                                  'password': 'blåbærgrød'})
+
+        response.mustcontain('>Invalid username or password<')
+
     # verify that get arguments are correctly passed along login redirection
 
     @parameterized.expand([
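Review bot: `test_login_non_ascii` asserts only the rendered error text, so it would presumably still pass if the rejection came from a layer other than the password check, and it has no docstring linking it to Issue #300. I would add `"""A non-ASCII password for an existing account is rejected like any wrong password (Issue #300)."""` as the first line of the method. Whether the `'blåbærgrød'` literal reaches the application as the non-ASCII unicode value that triggered the crash depends on the file's encoding declaration, which is not visible in this hunk, so that is worth confirming.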