trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

policies/hibp: ensure password is encodable 

closes AUTHENTIK-1SA

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-01-23 21:23:24 +01:00
parent 33567b56d7
commit 6a411d7960
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
authentik/policies/hibp/models.py
View File

@ -45,7 +45,7 @@ class HaveIBeenPwendPolicy(Policy):
fields=request.context.keys(), fields=request.context.keys(),
) )
return PolicyResult(False, _("Password not set in context")) return PolicyResult(False, _("Password not set in context"))
password = request.context[self.password_field] password = str(request.context[self.password_field])
pw_hash = sha1(password.encode("utf-8")).hexdigest() # nosec pw_hash = sha1(password.encode("utf-8")).hexdigest() # nosec
url = f"https://api.pwnedpasswords.com/range/{pw_hash[:5]}" url = f"https://api.pwnedpasswords.com/range/{pw_hash[:5]}"