[server/utils] catch ValueError from password verification stable cubicweb-version-3.15.4
authorJulien Cristau <julien.cristau@logilab.fr>
Mon, 10 Sep 2012 15:08:55 +0200
branchstable
changeset 8550 63260486de89
parent 8548 eeabc752c32e
child 8552 70cb36c826df
[server/utils] catch ValueError from password verification passlib can raise ValueError when it can't recognize a hash. Treat that as a wrong password.
server/utils.py
--- a/server/utils.py	Thu Sep 06 15:03:52 2012 +0200
+++ b/server/utils.py	Mon Sep 10 15:08:55 2012 +0200
@@ -64,8 +64,11 @@
     # empty hash, accept any password for backwards compat
     if salt == '':
         return salt
-    if _CRYPTO_CTX.verify(passwd, salt):
-        return salt
+    try:
+        if _CRYPTO_CTX.verify(passwd, salt):
+            return salt
+    except ValueError: # e.g. couldn't identify hash
+        pass
     # wrong password
     return ''
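Review bot: The new `except ValueError: pass` branch drops the error without any trace, so an account whose stored hash is corrupted or in a scheme `_CRYPTO_CTX` does not know looks exactly like a mistyped password. That is a data-integrity problem an operator would want to see, so the branch should emit a warning before falling through, for example `warning('stored password hash not recognized, rejecting login')` via whatever logger this module uses (none is visible in the hunk). The message must not include `passwd` or `salt`. The inline comment could also state the decision rather than the example: `# unrecognized hash format: fail closed, same as a wrong password`. The enclosing function starts above the hunk, so whether the caller already logs failed logins cannot be checked from here.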