Add test for ldap check password with bad base64 hash

This commit is contained in:
Valentin Samir 2016-08-01 18:29:24 +02:00
parent d25f738b03
commit d053003344
2 changed files with 6 additions and 1 deletions

View file

@ -131,8 +131,12 @@ class CheckPasswordCase(TestCase):
with self.assertRaises(utils.LdapHashUserPassword.BadHash):
utils.check_password("ldap", self.password1, b"TOTOssdsdsd", "utf8")
for scheme in schemes_salt:
# bad length
with self.assertRaises(utils.LdapHashUserPassword.BadHash):
utils.check_password("ldap", self.password1, scheme + b"dG90b3E8ZHNkcw==", "utf8")
# bad base64
with self.assertRaises(utils.LdapHashUserPassword.BadHash):
utils.check_password("ldap", self.password1, scheme + b"dG90b3E8ZHNkcw", "utf8")
def test_hex(self):
"""test all the hex_HASH method: the hashed password is a simple hash of the password"""

View file

@ -28,6 +28,7 @@ import six
import requests
import time
import logging
import binascii
from importlib import import_module
from datetime import datetime, timedelta
@ -563,7 +564,7 @@ class LdapHashUserPassword(object):
else:
try:
hashed_passord = base64.b64decode(hashed_passord[len(scheme):])
except TypeError as error:
except (TypeError, binascii.Error) as error:
raise cls.BadHash("Bad base64: %s" % error)
if len(hashed_passord) < cls._schemes_to_len[scheme]:
raise cls.BadHash("Hash too short for the scheme %s" % scheme)