toconnell / kdm-manager

An interactive campaign manager for the game "Monster", by Kingdom Death. Development blog and release notes at https://blog.kdm-manager.com. This project has no affiliation with Kingdom Death and is a totally independent, fan-maintained project.
http://kdm-manager.com

Login: password character encoding issue #497

Closed toconnell closed 5 years ago

toconnell commented 6 years ago

User OID: 666 Method: POST URL: http://api.thewatcher.io/login JSON: {u'username': u'REDACTED@REDACTED.com', u'password': u'No\xf1ose'}

Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1639, in full_dispatch_request
 rv = self.dispatch_request()
File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1625, in dispatch_request
 return self.view_functions[rule.endpoint](**req.view_args)
File "/home/toconnell/kdm-manager/v2/api/utils.py", line 516, in wrapped_function
 resp = make_response(f(*args, **kwargs))
File "/home/toconnell/kdm-manager/v2/api/api.py", line 178, in get_token
 U = users.authenticate(request.json.get("username",None), request.json.get("password",None))
File "/home/toconnell/kdm-manager/v2/api/models/users.py", line 44, in authenticate
 if user is not None and safe_str_cmp(user["password"], md5(password).hexdigest()):
UnicodeEncodeError: 'ascii' codec can't encode character u'\xf1' in position 2: ordinal not in range(128)

Boy. Not...really sure what to do about this one.

toconnell commented 5 years ago

Just got another one of these:

User OID: 666 Method: POST URL: http://api.thewatcher.io/login JSON: {u'username': u'REDACTED@REDACTED.com', u'password': u'Kurf\xfcrsten104c'}

Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1639, in full_dispatch_request
 rv = self.dispatch_request()
File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1625, in dispatch_request
 return self.view_functions[rule.endpoint](**req.view_args)
File "/home/toconnell/kdm-manager/v2/api/utils.py", line 518, in wrapped_function
 resp = make_response(f(*args, **kwargs))
File "/home/toconnell/kdm-manager/v2/api/api.py", line 163, in get_token
 U = users.authenticate(request.json.get("username",None), request.json.get("password",None))
File "/home/toconnell/kdm-manager/v2/api/models/users.py", line 44, in authenticate
 if user is not None and safe_str_cmp(user["password"], md5(password).hexdigest()):
UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 4: ordinal not in range(128)

toconnell commented 5 years ago

I think it's the MD5 thing. New, salted encoding probably fixes this, but we should test before it goes out.

toconnell commented 5 years ago

My surmise was correct, so I'll just have to test for oddball unicode characters and NOT pass them to the MD5/legacy password support checker.
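
The approach described in the comment above, written out as an added example (this is not kdm-manager's own code and does not reflect how the project actually implemented the fix). The traceback shows Python 2's `md5(password)` being handed a `unicode` object, which it implicitly encodes as ASCII and so raises on `ñ` or `ü`. Under Python 3 the same call on a `str` raises `TypeError` instead, so the example encodes as ASCII explicitly to reproduce the legacy limit. The user record layout, the `pbkdf2_sha256$rounds$salt$digest` string format, the round count and the sample users are all assumptions for illustration:

```python
import hashlib
import hmac
import os

# Assumed work factor for the new salted scheme (not a project setting).
PBKDF2_ROUNDS = 200_000


def legacy_md5_hex(password):
    """Legacy, unsalted hash as the old authenticate() check expects it.
    Encoding as ASCII deliberately mirrors the Python 2 behaviour in the
    traceback: a non-ASCII password raises UnicodeEncodeError here."""
    return hashlib.md5(password.encode("ascii")).hexdigest()


def is_legacy_safe(password):
    """True only if the password is pure ASCII, i.e. it is a value the
    legacy MD5 path could have hashed without blowing up."""
    try:
        password.encode("ascii")
    except UnicodeEncodeError:
        return False
    return True


def make_salted_hash(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256. The password is UTF-8 encoded, so any
    Unicode password works. Assumed format: pbkdf2_sha256$rounds$salt$digest."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ROUNDS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ROUNDS, salt.hex(), digest.hex())


def check_salted_hash(password, stored):
    """Constant-time verification of a record produced by make_salted_hash()."""
    algo, rounds, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest.hex(), digest_hex)


def authenticate(user, password):
    """Return (ok, upgraded_record). `user` is an assumed dict with a
    'password' field holding either a legacy MD5 hex digest or a salted
    record. `upgraded_record` is a new salted record to store after a
    successful legacy login, else None."""
    if user is None or password is None:
        return False, None
    stored = user["password"]
    if stored.startswith("pbkdf2_sha256$"):
        return check_salted_hash(password, stored), None
    # Legacy record: never hand a non-ASCII password to the MD5 path.
    # The stored digest cannot have been produced from one by this call,
    # so the login simply fails instead of raising a 500.
    if not is_legacy_safe(password):
        return False, None
    if hmac.compare_digest(stored, legacy_md5_hex(password)):
        # Successful legacy login: re-hash so the next login (and any later
        # password change to a Unicode value) uses the salted scheme.
        return True, make_salted_hash(password)
    return False, None


# Constructed sample records for this example (not real user data).
USERS = {
    "legacy@example.com": {"password": legacy_md5_hex("hunter2")},
    "modern@example.com": {"password": make_salted_hash("Ni\u00f1o-p\u00e4ss")},
}

if __name__ == "__main__":
    print(authenticate(USERS["legacy@example.com"], "hunter2")[0])      # True
    print(authenticate(USERS["legacy@example.com"], "No\xf1ose")[0])    # False, no exception
    print(authenticate(USERS["modern@example.com"], "Ni\u00f1o-p\u00e4ss")[0])  # True
```

The guard is deliberately placed before the MD5 call rather than wrapped in a `try`/`except`: the check is cheap, it documents why the legacy path cannot match, and it avoids catching an exception that in other contexts would indicate a real bug. The opportunistic re-hash on successful legacy login is what eventually retires the unsalted digests without forcing a password reset.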

toconnell commented 5 years ago

OK! Done and dusted. This ships in the next release.