Changeset - 30d61922f24e
[Not reviewed]
default
Mads Kiilerich - 8 years ago 2017-06-11 15:02:09
mads@kiilerich.com
auth: fix crash on invalid bcrypt password

When an invalid password was specified, it would fail with an exception:

File "kallithea/lib/auth.py", in check_password
return bcrypt.checkpw(safe_str(password), safe_str(hashed))
ValueError: Invalid hashed_password salt

We do apparently have to catch ValueError and treat it as "invalid password".
1 file changed with 7 insertions and 1 deletion:
0 comments (0 inline, 0 general)
kallithea/lib/auth.py
@@ -118,13 +118,19 @@ def check_password(password, hashed):
 
    """
 

	
 
    if is_windows:
 
        return hashlib.sha256(password).hexdigest() == hashed
 
    elif is_unix:
 
        import bcrypt
 
        return bcrypt.checkpw(safe_str(password), safe_str(hashed))
 
        print (safe_str(password), safe_str(hashed))
 
        try:
 
            return bcrypt.checkpw(safe_str(password), safe_str(hashed))
 
        except ValueError as e:
 
            # bcrypt will throw ValueError 'Invalid hashed_password salt' on all password errors
 
            log.error('error from bcrypt checking password: %s', e)
 
            return False
 
    else:
 
        raise Exception('Unknown or unsupported platform %s' \
 
                        % __platform__)
 

	
 

	
 
def _cached_perms_data(user_id, user_is_admin, user_inherit_default_permissions,
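Review bot: the `print (safe_str(password), safe_str(hashed))` line added just before the `try:` is a leftover debug statement that writes the cleartext password and the stored hash to stdout on every bcrypt check; it must be removed before this lands, since it turns a crash fix into a credential leak. Two smaller points in the same block: `log.error('error from bcrypt checking password: %s', e)` runs on every request that hits the `ValueError` path, so a burst of failed logins fills the error log with entries that the commit message itself says should simply count as "invalid password" (a lower level such as `log.warning`, or no log line at all, would match that intent), and the comment "on all password errors" overstates the case, because the exception quoted in the commit message, `Invalid hashed_password salt`, points at the stored hash being malformed rather than at the supplied password. Catching `ValueError` and returning `False` is still the right fail-closed default; just keep the comment honest about when it fires.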