Commit d0530033 authored by Valentin Samir's avatar Valentin Samir

Add test for ldap check password with bad base64 hash

parent d25f738b
...@@ -131,8 +131,12 @@ class CheckPasswordCase(TestCase): ...@@ -131,8 +131,12 @@ class CheckPasswordCase(TestCase):
with self.assertRaises(utils.LdapHashUserPassword.BadHash): with self.assertRaises(utils.LdapHashUserPassword.BadHash):
utils.check_password("ldap", self.password1, b"TOTOssdsdsd", "utf8") utils.check_password("ldap", self.password1, b"TOTOssdsdsd", "utf8")
for scheme in schemes_salt: for scheme in schemes_salt:
# bad length
with self.assertRaises(utils.LdapHashUserPassword.BadHash): with self.assertRaises(utils.LdapHashUserPassword.BadHash):
utils.check_password("ldap", self.password1, scheme + b"dG90b3E8ZHNkcw==", "utf8") utils.check_password("ldap", self.password1, scheme + b"dG90b3E8ZHNkcw==", "utf8")
# bad base64
with self.assertRaises(utils.LdapHashUserPassword.BadHash):
utils.check_password("ldap", self.password1, scheme + b"dG90b3E8ZHNkcw", "utf8")
def test_hex(self): def test_hex(self):
"""test all the hex_HASH method: the hashed password is a simple hash of the password""" """test all the hex_HASH method: the hashed password is a simple hash of the password"""
......
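Review bot: The new "bad base64" case asserts only that `BadHash` is raised, and the "bad length" case just above it raises the same exception type, so the test does not show which check rejected the value. The truncated payload would probably decode to fewer bytes than any salted scheme expects, so the assertion could still pass through the length check if decoding ever became tolerant. Capturing the exception and checking its text would pin the branch: `with self.assertRaises(utils.LdapHashUserPassword.BadHash) as cm:` around the call, then `self.assertIn("Bad base64", str(cm.exception))`. Indentation is lost in this rendering, so this assumes the added lines sit inside the `for scheme in schemes_salt:` loop.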
...@@ -28,6 +28,7 @@ import six ...@@ -28,6 +28,7 @@ import six
import requests import requests
import time import time
import logging import logging
import binascii
from importlib import import_module from importlib import import_module
from datetime import datetime, timedelta from datetime import datetime, timedelta
...@@ -563,7 +564,7 @@ class LdapHashUserPassword(object): ...@@ -563,7 +564,7 @@ class LdapHashUserPassword(object):
else: else:
try: try:
hashed_passord = base64.b64decode(hashed_passord[len(scheme):]) hashed_passord = base64.b64decode(hashed_passord[len(scheme):])
except TypeError as error: except (TypeError, binascii.Error) as error:
raise cls.BadHash("Bad base64: %s" % error) raise cls.BadHash("Bad base64: %s" % error)
if len(hashed_passord) < cls._schemes_to_len[scheme]: if len(hashed_passord) < cls._schemes_to_len[scheme]:
raise cls.BadHash("Hash too short for the scheme %s" % scheme) raise cls.BadHash("Hash too short for the scheme %s" % scheme)
......
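Review bot: `base64.b64decode` in the `try` block still runs in its default lenient mode, which discards characters outside the base64 alphabet instead of raising, so the widened `except (TypeError, binascii.Error)` covers padding errors but not a stored value that carries stray bytes. The length check that follows is only a lower bound (`<`), so such a value can decode to something long enough to pass it. On Python 3, passing `validate=True` makes the decoder reject it; the file imports `six`, so Python 2 is presumably still supported, and there the keyword does not exist and an explicit alphabet check before decoding would be needed. A comment on the except line such as `# b64decode raises TypeError on Python 2, binascii.Error on Python 3` would also record why both types are caught. The enclosing method starts and ends outside the hunk.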