Changeset - 30d61922f24e
[Not reviewed]
default
Mads Kiilerich - 8 years ago 2017-06-11 15:02:09
mads@kiilerich.com
auth: fix crash on invalid bcrypt password

When an invalid password was specified, it would fail with an exception:

File "kallithea/lib/auth.py", in check_password
return bcrypt.checkpw(safe_str(password), safe_str(hashed))
ValueError: Invalid hashed_password salt

We do apparently have to catch ValueError and treat it as "invalid password".
1 file changed with 7 insertions and 1 deletion:
0 comments (0 inline, 0 general)
kallithea/lib/auth.py
 
@@ -121,7 +121,13 @@ def check_password(password, hashed):
 
        return hashlib.sha256(password).hexdigest() == hashed
 
    elif is_unix:
 
        import bcrypt
 
        return bcrypt.checkpw(safe_str(password), safe_str(hashed))
 
        print (safe_str(password), safe_str(hashed))
 
        try:
 
            return bcrypt.checkpw(safe_str(password), safe_str(hashed))
 
        except ValueError as e:
 
            # bcrypt will throw ValueError 'Invalid hashed_password salt' on all password errors
 
            log.error('error from bcrypt checking password: %s', e)
 
            return False
 
    else:
 
        raise Exception('Unknown or unsupported platform %s' \
 
                        % __platform__)
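Review bot: the added `print (safe_str(password), safe_str(hashed))` writes the cleartext password and the stored hash to stdout on every bcrypt check; it reads as leftover debugging and should be dropped before this lands, since anything capturing the process output (service logs, a terminal session) would then hold user credentials. Two smaller points in the same hunk: `log.error(...)` fires for every attempt that reaches the except branch, so `log.warning` or `log.debug` would keep the error log from filling with failed logins; and the comment "bcrypt will throw ValueError ... on all password errors" overstates the case, because `bcrypt.checkpw` returns False for a wrong password against a well-formed hash and raises ValueError only when the stored value does not parse as a bcrypt hash, which is what the "Invalid hashed_password salt" message in the description indicates. Returning False is still the right fallback, but the comment should say the exception means a malformed stored hash rather than a mismatching password, since that is the condition an operator would want to notice in the log.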