Changeset - fefd7279e798
stable
0 2 0
Mads Kiilerich - 8 years ago 2018-01-15 00:34:13
mads@kiilerich.com
login: fix crash when entering non-ASCII password for login (Issue #300)

Avoid errors like
UnicodeEncodeError: 'ascii' codec can't encode characters in position X: ordinal not in range(128)
when the user enters non-ASCII passwords for existing internal accounts in the
login prompt.

The password forms have "always" rejected non-ASCII passwords with
Invalid characters (non-ASCII) in password
2 files changed with 12 insertions and 0 deletions:
kallithea/lib/auth.py
 
@@ -122,6 +122,11 @@ class KallitheaCrypto(object):
 
        :param hashed: password in hashed form
 
        """
 

	
 
        try:
 
            password = str(password)
 
        except UnicodeEncodeError:
 
            log.warning('rejecting non-ascii password')
 
            return False
 
        if is_windows:
 
            return hashlib.sha256(password).hexdigest() == hashed
 
        elif is_unix:
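Review bot: The `str(password)` coercion in the added `try` block rejects only `unicode` input that contains non-ASCII characters. Assuming Python 2 semantics (the `UnicodeEncodeError` handler suggests so), a byte `str` that already holds non-ASCII bytes passes through unchanged, and a non-string value such as `None` is stringified and hashed rather than rejected. If the intent is "ASCII passwords only", consider making that explicit with `if not isinstance(password, basestring): return False` ahead of the `try`, and add `:returns: False for a password that is not ASCII-only, without checking the hash` to the docstring. The warning rightly keeps the password itself out of the log. The enclosing method starts above the hunk and its `elif is_unix:` branch continues below it.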
kallithea/tests/functional/test_login.py
 
@@ -133,6 +133,13 @@ class TestLoginController(TestController
 

	
 
        response.mustcontain('Invalid username or password')
 

	
 
    def test_login_non_ascii(self):
 
        response = self.app.post(url(controller='login', action='index'),
 
                                 {'username': TEST_USER_REGULAR_LOGIN,
 
                                  'password': 'blåbærgrød'})
 

	
 
        response.mustcontain('>Invalid username or password<')
 

	
 
    # verify that get arguments are correctly passed along login redirection
 

	
 
    @parameterized.expand([
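Review bot: `test_login_non_ascii` exercises only an existing account (`TEST_USER_REGULAR_LOGIN`), while the commit message says the crash was specific to existing internal accounts, so before this fix the response presumably differed between existing and unknown usernames. A companion case with an unknown username would pin that both paths now render the same 'Invalid username or password' page, so the login form gives no hint about which accounts exist. The test class continues outside the hunk on both sides.

```python
    # … unchanged: test_login_non_ascii (existing-account case) …

    def test_login_non_ascii_unknown_user(self):
        # 'no-such-user' is a constructed name for an account that does not exist
        response = self.app.post(url(controller='login', action='index'),
                                 {'username': 'no-such-user',
                                  'password': 'blåbærgrød'})

        response.mustcontain('>Invalid username or password<')
```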