author | Roland Hedberg <roland@catalogix.se> | 2017-10-11 08:39:17 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-11 08:39:17 +0200 |
commit | efe27e2f40bf1c35d847f935ba74b4b86aa90fb5 (patch) | |
tree | d2703757ac88a8715d09a52bbb6887a897a1f3af | |
parent | 46d24f6af561d75d455f7b73e5a3d19837d32d2f (diff) | |
parent | 6312a41e037954850867f29d329e5007df1424a5 (diff) | |
download | pysaml2-efe27e2f40bf1c35d847f935ba74b4b86aa90fb5.tar.gz |
Merge pull request #454 from jkakavas/fix_authn
Quick fix for the authentication bypass due to optimizations #451
-rw-r--r-- | src/saml2/authn.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/saml2/authn.py b/src/saml2/authn.py
index 1f2d02cf..1e1a220b 100644
--- a/src/saml2/authn.py
+++ b/src/saml2/authn.py
@@ -146,7 +146,8 @@ class UsernamePasswordMako(UserAuthnMethod):
 return resp
 def _verify(self, pwd, user):
- assert is_equal(pwd, self.passwd[user])
+ if not is_equal(pwd, self.passwd[user]):
+ raise ValueError("Wrong password")
 def verify(self, request, **kwargs): """
@@ -176,7 +177,7 @@ class UsernamePasswordMako(UserAuthnMethod):
 return_to = create_return_url(self.return_to, _dict["query"][0], **{self.query_param: "true"})
 resp = Redirect(return_to, headers=[cookie])
- except (AssertionError, KeyError):
+ except (ValueError, KeyError):
 resp = Unauthorized("Unknown user or wrong password")
 return resp |
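Review bot: `_verify` has no docstring, although the authentication decision rests entirely on its contract: it returns nothing and reports failure only by raising, `ValueError` for a mismatch and, through `self.passwd[user]`, `KeyError` for an unknown user. I would state that on the method, e.g. `"""Raise ValueError on a password mismatch and KeyError for an unknown user; return None on success."""`, and add a comment that the check must never be written as an `assert`, because asserts are removed when Python runs with `-O`. The commit changes only authn.py, so nothing visible here pins the behaviour; a test that submits a wrong password and expects `Unauthorized` would guard against a regression.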
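Review bot: `except (ValueError, KeyError)` in `verify` catches two very general exception types, so a `ValueError` or `KeyError` raised by any other statement in the `try` body is also answered with "Unknown user or wrong password". That fails closed, which is the safe direction, but it hides unrelated errors behind an authentication failure and makes them hard to diagnose. A dedicated exception raised by `_verify`, or a `try` that wraps only the call to `_verify`, would keep the mapping precise. The `try` block starts outside this hunk, so what else it contains cannot be checked from here.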