Add test for ldap check password with bad base64 hash

2016-08-01 18:29:24 +02:00 · 2016-08-01 18:29:24 +02:00 · d053003344
commit d053003344
parent d25f738b03
2 changed files with 6 additions and 1 deletions
--- a/cas_server/tests/test_utils.py
+++ b/cas_server/tests/test_utils.py
@ -131,8 +131,12 @@ class CheckPasswordCase(TestCase):
        with self.assertRaises(utils.LdapHashUserPassword.BadHash):
            utils.check_password("ldap", self.password1, b"TOTOssdsdsd", "utf8")
        for scheme in schemes_salt:
+            # bad length
            with self.assertRaises(utils.LdapHashUserPassword.BadHash):
                utils.check_password("ldap", self.password1, scheme + b"dG90b3E8ZHNkcw==", "utf8")
+            # bad base64
+            with self.assertRaises(utils.LdapHashUserPassword.BadHash):
+                utils.check_password("ldap", self.password1, scheme + b"dG90b3E8ZHNkcw", "utf8")

    def test_hex(self):
        """test all the hex_HASH method: the hashed password is a simple hash of the password"""
--- a/cas_server/utils.py
+++ b/cas_server/utils.py
@ -28,6 +28,7 @@ import six
 import requests
 import time
 import logging
+import binascii

 from importlib import import_module
 from datetime import datetime, timedelta
@ -563,7 +564,7 @@ class LdapHashUserPassword(object):
        else:
            try:
                hashed_passord = base64.b64decode(hashed_passord[len(scheme):])
-            except TypeError as error:
+            except (TypeError, binascii.Error) as error:
                raise cls.BadHash("Bad base64: %s" % error)
            if len(hashed_passord) < cls._schemes_to_len[scheme]:
                raise cls.BadHash("Hash too short for the scheme %s" % scheme)