From cc44c1a981c1f226497f6aec26741de7433b6af9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gina=20H=C3=A4u=C3=9Fge?=
Date: Tue, 2 May 2017 09:35:02 +0200
Subject: [PATCH] Make sure to properly handle unicode passwords Fix & test for #1891
---
 src/octoprint/users.py | 4 ++--
 tests/users/test_usermanager.py | 24 ++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 tests/users/test_usermanager.py
diff --git a/src/octoprint/users.py b/src/octoprint/users.py
index 5f05bc75..cec5a48f 100644
--- a/src/octoprint/users.py
+++ b/src/octoprint/users.py
@@ -18,7 +18,7 @@ from builtins import range, bytes
 from octoprint.settings import settings
-from octoprint.util import atomic_write
+from octoprint.util import atomic_write, to_str
 class UserManager(object):
 valid_roles = ["user", "admin"]
@@ -114,7 +114,7 @@ class UserManager(object):
 settings().set(["accessControl", "salt"], salt)
 settings().save()
- return hashlib.sha512(password + salt).hexdigest()
+ return hashlib.sha512(to_str(password, encoding="utf-8", errors="replace") + to_str(salt)).hexdigest()
 def checkPassword(self, username, password):
 user = self.findUser(username)
diff --git a/tests/users/test_usermanager.py b/tests/users/test_usermanager.py
new file mode 100644
index 00000000..97dc270b
--- /dev/null
+++ b/tests/users/test_usermanager.py
@@ -0,0 +1,24 @@
+# coding=utf-8
+"""
+Unit tests for octoprint.users.UserManager
+"""
+
+__license__ = 'GNU Affero General Public License http://www.gnu.org/licenses/agpl.html'
+__copyright__ = "Copyright (C) 2017 The OctoPrint Project - Released under terms of the AGPLv3 License"
+
+import unittest
+import ddt
+
+import octoprint.users
+
+@ddt.ddt
+class UserManagerTest(unittest.TestCase):
+
+ def test_createPasswordHash_nonascii(self):
+ """Test for issue #1891"""
+
+ password = u"password with ümläutß"
+ salt = "abc"
+
+ # should not throw an exception
+ octoprint.users.UserManager.createPasswordHash(password, salt=salt)
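Review bot: In the `@@ -114,7 +114,7 @@` hunk of src/octoprint/users.py, `errors="replace"` makes the password-to-bytes step lossy: anything the codec cannot convert is substituted before hashing, so two different passwords can produce the same digest, assuming `to_str` (defined outside this patch) passes `errors` through to the codec. For a credential it is safer to fail than to substitute, e.g. `to_str(password, encoding="utf-8", errors="strict")`, with the caller rejecting the password on error. The salt is converted with `to_str`'s default encoding while the password is pinned to UTF-8; passing `encoding="utf-8"` for both would keep the digest independent of that default. Separately, the digest is still a single SHA-512 pass over password plus salt, which is cheap to guess offline if the user file leaks; moving to a slow KDF such as `hashlib.pbkdf2_hmac` needs a migration of stored hashes and is probably a follow-up. `createPasswordHash` starts above this hunk, so how `salt` is chosen is only partly visible here.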
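Review bot: `test_createPasswordHash_nonascii` only proves that no exception is raised, so it would still pass if the non-ASCII characters were all replaced or dropped before hashing. Pinning the digest would catch that, assuming `to_str` yields UTF-8 bytes: `expected = hashlib.sha512(password.encode("utf-8") + salt.encode("utf-8")).hexdigest()` followed by `self.assertEqual(expected, octoprint.users.UserManager.createPasswordHash(password, salt=salt))`, with `import hashlib` added to the test module. The class is decorated with `@ddt.ddt` but the visible file has no data-driven cases, so the decorator and the `ddt` import could be dropped until they are needed.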