Changeset - 30d61922f24e
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Mads Kiilerich - 8 years ago 2017-06-11 15:02:09
mads@kiilerich.com
auth: fix crash on invalid bcrypt password

When an invalid password was specified, it would with an exception:

File "kallithea/lib/auth.py", in check_password
return bcrypt.checkpw(safe_str(password), safe_str(hashed))
ValueError: Invalid hashed_password salt

We do apparently have to catch ValueError and treat it as "invalid password".
1 file changed with 6 insertions and 0 deletions:
kallithea/lib/auth.py
6
0 comments (0 inline, 0 general)
kallithea/lib/auth.py
Show inline comments
 
@@ -100,49 +100,55 @@ def get_crypt_password(password):
 
    """
 
    if is_windows:
 
        return hashlib.sha256(password).hexdigest()
 
    elif is_unix:
 
        import bcrypt
 
        return bcrypt.hashpw(safe_str(password), bcrypt.gensalt(10))
 
    else:
 
        raise Exception('Unknown or unsupported platform %s' \
 
                        % __platform__)
 

			




	
	
	
		
 

			




	
	
	
		
 
def check_password(password, hashed):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Checks matching password with it's hashed value, runs different

			




	
	
	
		
 
    implementation based on platform it runs on

			




	
	
	
		
 

			




	
	
	
		
 
    :param password: password

			




	
	
	
		
 
    :param hashed: password in hashed form

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    if is_windows:

			




	
	
	
		
 
        return hashlib.sha256(password).hexdigest() == hashed

			




	
	
	
		
 
    elif is_unix:

			




	
	
	
		
 
        import bcrypt

			




	
	
	
		
 
        print (safe_str(password), safe_str(hashed))

			




	
	
	
		
 
        try:

			




	
	
	
		
 
        return bcrypt.checkpw(safe_str(password), safe_str(hashed))

			




	
	
	
		
 
        except ValueError as e:

			




	
	
	
		
 
            # bcrypt will throw ValueError 'Invalid hashed_password salt' on all password errors

			




	
	
	
		
 
            log.error('error from bcrypt checking password: %s', e)

			




	
	
	
		
 
            return False

			




	
	
	
		
 
    else:

			




	
	
	
		
 
        raise Exception('Unknown or unsupported platform %s' \

			




	
	
	
		
 
                        % __platform__)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def _cached_perms_data(user_id, user_is_admin, user_inherit_default_permissions,

			




	
	
	
		
 
                       explicit, algo):

			




	
	
	
		
 
    RK = 'repositories'

			




	
	
	
		
 
    GK = 'repositories_groups'

			




	
	
	
		
 
    UK = 'user_groups'

			




	
	
	
		
 
    GLOBAL = 'global'

			




	
	
	
		
 
    PERM_WEIGHTS = Permission.PERM_WEIGHTS

			




	
	
	
		
 
    permissions = {RK: {}, GK: {}, UK: {}, GLOBAL: set()}

			




	
	
	
		
 

			




	
	
	
		
 
    def _choose_perm(new_perm, cur_perm):

			




	
	
	
		
 
        new_perm_val = PERM_WEIGHTS[new_perm]

			




	
	
	
		
 
        cur_perm_val = PERM_WEIGHTS[cur_perm]

			




	
	
	
		
 
        if algo == 'higherwin':

			




	
	
	
		
 
            if new_perm_val > cur_perm_val:

			




	
	
	
		
 
                return new_perm

			




	
	
	
		
 
            return cur_perm

			




	
	
	
		
 
        elif algo == 'lowerwin':

			




	
	
	
		
 
            if new_perm_val < cur_perm_val:

			




	
	
	
		
 
                return new_perm

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.