do not fail on malformed passwords

2019-02-28 10:32:08 +01:00 · 2019-02-28 10:32:08 +01:00 · acb1de2eef
parent 9258613ae9
commit acb1de2eef
1 changed files with 6 additions and 1 deletions
--- a/process/epasswd.py
+++ b/process/epasswd.py
@ -69,7 +69,12 @@ class EPasswd:
    def check(self, id, passwd):
        pw = self.get_passwd(id)
        if pw[0:4]=='$2a$' or pw[0:4]=='$2y$':
-            return bcrypt.checkpw(passwd.encode('utf8'), pw.encode('utf8'))
+            try:
+                h1 = pw.encode('utf8')
+                h2 = passwd.encode('utf8')
+                return bcrypt.checkpw(h1, h2)
+            except:
+                return False
        return pw == passwd

    def get_passwd(self, id):