forked from github/server
do not fail on malformed passwords
This commit is contained in:
parent
9258613ae9
commit
acb1de2eef
|
@ -69,7 +69,12 @@ class EPasswd:
|
||||||
def check(self, id, passwd):
|
def check(self, id, passwd):
|
||||||
pw = self.get_passwd(id)
|
pw = self.get_passwd(id)
|
||||||
if pw[0:4]=='$2a$' or pw[0:4]=='$2y$':
|
if pw[0:4]=='$2a$' or pw[0:4]=='$2y$':
|
||||||
return bcrypt.checkpw(passwd.encode('utf8'), pw.encode('utf8'))
|
try:
|
||||||
|
h1 = pw.encode('utf8')
|
||||||
|
h2 = passwd.encode('utf8')
|
||||||
|
return bcrypt.checkpw(h1, h2)
|
||||||
|
except:
|
||||||
|
return False
|
||||||
return pw == passwd
|
return pw == passwd
|
||||||
|
|
||||||
def get_passwd(self, id):
|
def get_passwd(self, id):
|
||||||
|
|
Loading…
Reference in New Issue