From 6312a41e037954850867f29d329e5007df1424a5 Mon Sep 17 00:00:00 2001
From: Ioannis Kakavas <ikakavas@noc.grnet.gr>
Date: Tue, 12 Sep 2017 12:22:47 +0300
Subject: [PATCH] Quick fix for the authentication bypass due to optimizations
 #451

---
 src/saml2/authn.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/saml2/authn.py b/src/saml2/authn.py
index 1f2d02cf..1e1a220b 100644
--- a/src/saml2/authn.py
+++ b/src/saml2/authn.py
@@ -146,7 +146,8 @@ def __call__(self, cookie=None, policy_url=None, logo_url=None,
         return resp
 
     def _verify(self, pwd, user):
-        assert is_equal(pwd, self.passwd[user])
+        if not is_equal(pwd, self.passwd[user]):
+            raise ValueError("Wrong password")
 
     def verify(self, request, **kwargs):
         """
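Review bot: The lookup `self.passwd[user]` on the new line 55 still raises KeyError before `is_equal` is ever called, so an unknown user fails the `_verify` call earlier than a known user with a wrong password, and the two cases stay distinguishable by timing even though `verify` collapses them into one message. If `is_equal` is the constant-time comparison its name suggests (its definition is outside this hunk), `_verify` should fetch the stored value with `.get()` and run the comparison on both paths, raising the same ValueError either way; whether that fully closes the gap also depends on how `is_equal` treats operands of different length, which cannot be seen here. `_verify` also has no docstring; a one-line one such as `"""Raise ValueError unless *pwd* matches the password stored for *user*."""` would record the contract that `verify` relies on. `verify` begins in this hunk but its body continues outside it.
```python
def _verify(self, pwd, user):
    """Raise ValueError unless *pwd* matches the password stored for *user*.

    Unknown users raise the same ValueError as a wrong password, so callers
    cannot tell the two cases apart by exception type.
    """
    stored = self.passwd.get(user)
    # Run the comparison even when the user is unknown so the dict miss does not
    # short-circuit and reveal, via timing, which usernames exist.
    matched = is_equal(pwd, stored if stored is not None else "")
    if stored is None or not matched:
        raise ValueError("Wrong password")
```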
@@ -176,7 +177,7 @@ def verify(self, request, **kwargs):
             return_to = create_return_url(self.return_to, _dict["query"][0],
                                           **{self.query_param: "true"})
             resp = Redirect(return_to, headers=[cookie])
-        except (AssertionError, KeyError):
+        except (ValueError, KeyError):
             resp = Unauthorized("Unknown user or wrong password")
 
         return resp
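Review bot: `except (ValueError, KeyError)` on line 65 is broader in practice than the AssertionError catch it replaces: any ValueError raised inside the `try` body — from the `create_return_url(...)` and `Redirect(...)` calls on lines 61–63, or from whatever precedes them in the part of the block above this hunk — is now reported to the client as `Unauthorized("Unknown user or wrong password")`, so a genuine bug in URL or cookie construction would be masked as a credential failure. A dedicated exception type keeps the catch precise while remaining compatible with anything that already catches ValueError: define `class WrongPassword(ValueError): pass` at module level, raise it from `_verify` instead of the bare ValueError, and change this line to `except (WrongPassword, KeyError):`. The `try` statement this `except` belongs to starts outside the hunk, so which other calls it covers cannot be confirmed from here.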