Commit d0530033 authored by Valentin Samir's avatar Valentin Samir

Add test for ldap check password with bad base64 hash

parent d25f738b
......@@ -131,8 +131,12 @@ class CheckPasswordCase(TestCase):
with self.assertRaises(utils.LdapHashUserPassword.BadHash):
utils.check_password("ldap", self.password1, b"TOTOssdsdsd", "utf8")
for scheme in schemes_salt:
# bad length
with self.assertRaises(utils.LdapHashUserPassword.BadHash):
utils.check_password("ldap", self.password1, scheme + b"dG90b3E8ZHNkcw==", "utf8")
# bad base64
with self.assertRaises(utils.LdapHashUserPassword.BadHash):
utils.check_password("ldap", self.password1, scheme + b"dG90b3E8ZHNkcw", "utf8")
def test_hex(self):
"""test all the hex_HASH method: the hashed password is a simple hash of the password"""
......
......@@ -28,6 +28,7 @@ import six
import requests
import time
import logging
import binascii
from importlib import import_module
from datetime import datetime, timedelta
......@@ -563,7 +564,7 @@ class LdapHashUserPassword(object):
else:
try:
hashed_passord = base64.b64decode(hashed_passord[len(scheme):])
except TypeError as error:
except (TypeError, binascii.Error) as error:
raise cls.BadHash("Bad base64: %s" % error)
if len(hashed_passord) < cls._schemes_to_len[scheme]:
raise cls.BadHash("Hash too short for the scheme %s" % scheme)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment