do not fail on malformed passwords

This commit is contained in:
Enno Rehling 2019-02-28 10:32:08 +01:00
parent 9258613ae9
commit acb1de2eef
1 changed files with 6 additions and 1 deletions

View File

@ -69,7 +69,12 @@ class EPasswd:
def check(self, id, passwd): def check(self, id, passwd):
pw = self.get_passwd(id) pw = self.get_passwd(id)
if pw[0:4]=='$2a$' or pw[0:4]=='$2y$': if pw[0:4]=='$2a$' or pw[0:4]=='$2y$':
return bcrypt.checkpw(passwd.encode('utf8'), pw.encode('utf8')) try:
h1 = pw.encode('utf8')
h2 = passwd.encode('utf8')
return bcrypt.checkpw(h1, h2)
except:
return False
return pw == passwd return pw == passwd
def get_passwd(self, id): def get_passwd(self, id):