allura-commits mailing list archives

From kentontay...@apache.org
Subject [allura] 01/01: Fix UTF encoding error in HIBP checks; raise related errors with corresponding stack trace
Date Fri, 19 Apr 2019 20:15:55 GMT
This is an automated email from the ASF dual-hosted git repository.

kentontaylor pushed a commit to branch kt/hibp_encoding
in repository https://gitbox.apache.org/repos/asf/allura.git

commit d366345526cdb9cda9be903e4643a1a27e49727e
Author: Kenton Taylor <ktaylor@slashdotmedia.com>
AuthorDate: Fri Apr 19 20:01:38 2019 +0000

    Fix UTF encoding error in HIBP checks; raise related errors with corresponding stack trace
---
 Allura/allura/lib/security.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/Allura/allura/lib/security.py b/Allura/allura/lib/security.py
index 785b1b9..8f5eb4f 100644
--- a/Allura/allura/lib/security.py
+++ b/Allura/allura/lib/security.py
@@ -20,6 +20,8 @@ This module provides the security predicates used in decorating various
models.
 """
 from __future__ import absolute_import, division, print_function, unicode_literals
 
+import six
+import sys
 import logging
 from collections import defaultdict
 import hashlib
@@ -541,7 +543,7 @@ class HIBPClient(object):
         result = 0
         try:
             # sha1 it
-            sha_1 = hashlib.sha1(password).hexdigest()
+            sha_1 = hashlib.sha1(password.encode('utf-8')).hexdigest()
 
             # first 5 for HIBP API
             sha_1_first_5 = sha_1[:5]
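Review bot: The added `password.encode('utf-8')` is only correct when `password` is a text string: a byte string with non-ASCII content raises UnicodeDecodeError on Python 2 (implicit ASCII decode before the encode), and bytes has no `.encode` on Python 3. Whether any caller passes bytes is not visible here, but since this commit imports `six` the conversion can be made explicit before hashing: `if isinstance(password, six.text_type): password = password.encode('utf-8')`. Such a failure is caught by the surrounding `except Exception` and surfaces as a client error instead of a completed breach check, so a unit test with a non-ASCII password in both text and byte form would be worth adding. The enclosing method starts above this hunk and continues below it.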
@@ -550,12 +552,11 @@ class HIBPClient(object):
             headers = {'User-Agent': '{}-pwnage-checker'.format(tg.config.get('site_name',
'Allura'))}
             resp = requests.get('https://api.pwnedpasswords.com/range/{}'.format(sha_1_first_5),
timeout=1,
                                 headers=headers)
-
             # check results
             result = cls.scan_response(resp, sha_1)
 
         except Exception as ex:
-            raise HIBPClientError(ex)
+            six.reraise(HIBPClientError, ex, sys.exc_info()[2])
 
         if result:
             raise HIBPCompromisedCredentials(result, sha_1_first_5)
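Review bot: `six.reraise(HIBPClientError, ex, sys.exc_info()[2])` passes the original exception instance as the value, and on Python 3 six raises that instance and ignores the type argument, so the caller would see the underlying exception (for example one from `requests`) instead of HIBPClientError. On Python 2 the three-argument raise wraps `ex` in HIBPClientError, so the two interpreters diverge. Constructing the wrapper explicitly keeps the traceback and behaves the same on both: `six.reraise(HIBPClientError, HIBPClientError(ex), sys.exc_info()[2])`. Callers that catch HIBPClientError to tolerate an HIBP outage (presumably the password-check paths, not visible here) would otherwise let the unexpected type propagate. The enclosing method starts before this hunk.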

