Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Cloud:OpenStack:Pike
python-pysaml2
quick-fix-for-the-authentication-bypass-due-to-...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File quick-fix-for-the-authentication-bypass-due-to-optimizations.patch of Package python-pysaml2
diff --git a/src/saml2/authn.py b/src/saml2/authn.py index 1f2d02cf..1e1a220b 100644 --- a/src/saml2/authn.py +++ b/src/saml2/authn.py @@ -146,7 +146,8 @@ def __call__(self, cookie=None, policy_url=None, logo_url=None, return resp def _verify(self, pwd, user): - assert is_equal(pwd, self.passwd[user]) + if not is_equal(pwd, self.passwd[user]): + raise ValueError("Wrong password") def verify(self, request, **kwargs): """ @@ -176,7 +177,7 @@ def verify(self, request, **kwargs): return_to = create_return_url(self.return_to, _dict["query"][0], **{self.query_param: "true"}) resp = Redirect(return_to, headers=[cookie]) - except (AssertionError, KeyError): + except (ValueError, KeyError): resp = Unauthorized("Unknown user or wrong password") return resp
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor