# HG changeset patch
# User Julien Cristau <julien.cristau@logilab.fr>
# Date 1347282535 -7200
# Node ID 63260486de89a9dc32128cd0eacef891a668977b
# Parent  eeabc752c32eef362a2d05b5ac552ff8d152eebc
[server/utils] catch ValueError from password verification

passlib can raise ValueError when it can't recognized a hash.  Treat
that as a wrong password.

diff -r eeabc752c32e -r 63260486de89 server/utils.py
--- a/server/utils.py	Thu Sep 06 15:03:52 2012 +0200
+++ b/server/utils.py	Mon Sep 10 15:08:55 2012 +0200
@@ -64,8 +64,11 @@
     # empty hash, accept any password for backwards compat
     if salt == '':
         return salt
-    if _CRYPTO_CTX.verify(passwd, salt):
-        return salt
+    try:
+        if _CRYPTO_CTX.verify(passwd, salt):
+            return salt
+    except ValueError: # e.g. couldn't identify hash
+        pass
     # wrong password
     return ''