Changeset - fefd7279e798
stable
0 2 0
Mads Kiilerich - 8 years ago 2018-01-15 00:34:13
mads@kiilerich.com
login: fix crash when entering non-ASCII password for login (Issue #300)

Avoid errors like
UnicodeEncodeError: 'ascii' codec can't encode characters in position X: ordinal not in range(128)
when the user enters non-ASCII passwords for existing internal accounts in the
login prompt.

The password forms have "always" rejected non-ASCII passwords with
Invalid characters (non-ASCII) in password
2 files changed with 12 insertions and 0 deletions:
kallithea/lib/auth.py
 
@@ -119,12 +119,17 @@ class KallitheaCrypto(object):
 
        implementation based on platform it runs on
 

	
 
        :param password: password
 
        :param hashed: password in hashed form
 
        """
 

	
 
        try:
 
            password = str(password)
 
        except UnicodeEncodeError:
 
            log.warning('rejecting non-ascii password')
 
            return False
 
        if is_windows:
 
            return hashlib.sha256(password).hexdigest() == hashed
 
        elif is_unix:
 
            import bcrypt
 
            return bcrypt.hashpw(password, hashed) == hashed
 
        else:
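Review bot: `password = str(password)` coerces any value, not only unicode text, so a caller that passes `None` or a number would now have the text `'None'` or `'123'` hashed and compared, where the hashing call would presumably have raised before. Encoding only text inside the same `try`, e.g. `if isinstance(password, unicode): password = password.encode('ascii')`, keeps the rejection of non-ASCII input without widening what the check accepts. The docstring's `:param password:` line could also state that a non-ASCII password makes the check return False. The function's signature and the body of the final `else:` lie outside the hunk.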
kallithea/tests/functional/test_login.py
 
@@ -130,12 +130,19 @@ class TestLoginController(TestController
 
        response = self.app.post(url(controller='login', action='index'),
 
                                 {'username': 'error',
 
                                  'password': 'test12'})
 

	
 
        response.mustcontain('Invalid username or password')
 

	
 
    def test_login_non_ascii(self):
 
        response = self.app.post(url(controller='login', action='index'),
 
                                 {'username': TEST_USER_REGULAR_LOGIN,
 
                                  'password': 'blåbærgrød'})
 

	
 
        response.mustcontain('>Invalid username or password<')
 

	
 
    # verify that get arguments are correctly passed along login redirection
 

	
 
    @parameterized.expand([
 
        ({'foo':'one', 'bar':'two'}, (('foo', 'one'), ('bar', 'two'))),
 
        ({'blue': u'blå'.encode('utf-8'), 'green':u'grøn'},
 
             (('blue', u'blå'.encode('utf-8')), ('green', u'grøn'.encode('utf-8')))),
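Review bot: The password in `test_login_non_ascii` is a plain byte-string literal, `'blåbærgrød'`, so the bytes that get posted depend on the test file's source encoding, while the parameterized cases just below spell the encoding out with `u'blå'.encode('utf-8')`. Writing `'password': u'blåbærgrød'.encode('utf-8')` would make the test state which encoding it exercises. The test covers only an existing account; a second case with an unknown username and a non-ASCII password would show that the response is the same there. The `@parameterized.expand` list continues outside the hunk.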