Closed toconnell closed 5 years ago
Just got another one of these:
User OID: 666
Method: POST
URL: http://api.thewatcher.io/login
JSON: {u'username': u'REDACTED@REDACTED.com', u'password': u'Kurf\xfcrsten104c'}

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1639, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1625, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/home/toconnell/kdm-manager/v2/api/utils.py", line 518, in wrapped_function
    resp = make_response(f(*args, **kwargs))
  File "/home/toconnell/kdm-manager/v2/api/api.py", line 163, in get_token
    U = users.authenticate(request.json.get("username",None), request.json.get("password",None))
  File "/home/toconnell/kdm-manager/v2/api/models/users.py", line 44, in authenticate
    if user is not None and safe_str_cmp(user["password"], md5(password).hexdigest()):
UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 4: ordinal not in range(128)
I think it's the MD5 thing. New, salted encoded probably fixes this, but we should test before it goes out.
My surmise was correct, so I'll just have to test for oddball Unicode characters and NOT pass them to the MD5/legacy password support checker.
OK! Done and dusted. This ships in the next release.
Boy. Not...really sure what to do about this one.
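The guard described in this thread, sketched in Python 3 as an added example; it is not the kdm-manager code. The `pbkdf2$` record format, the work factor and the function names are assumptions made for the illustration, and it assumes legacy records hold an unsalted MD5 hex digest of an ASCII password.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch


def hash_password(password, salt=None):
    """Return 'pbkdf2$<salt hex>$<digest hex>' computed over the UTF-8 bytes."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return "pbkdf2$%s$%s" % (salt.hex(), digest.hex())


def legacy_md5_matches(stored_hex, password):
    """Legacy MD5 check; non-ASCII input is refused here instead of raising."""
    try:
        raw = password.encode("ascii")
    except UnicodeEncodeError:
        return False  # never handed to the MD5 path
    return hmac.compare_digest(stored_hex, hashlib.md5(raw).hexdigest())


def authenticate(user, password):
    """Return (ok, replacement_hash); replacement_hash is set for legacy records."""
    if user is None or not isinstance(password, str):
        return False, None
    stored = user["password"]
    if stored.startswith("pbkdf2$"):
        parts = stored.split("$")
        if len(parts) != 3:
            return False, None  # malformed record
        candidate = hash_password(password, bytes.fromhex(parts[1]))
        return hmac.compare_digest(stored, candidate), None
    if legacy_md5_matches(stored, password):
        # Caller persists the salted hash so the MD5 digest can be dropped.
        return True, hash_password(password)
    return False, None
```

A non-ASCII password submitted against a legacy record is a failed login here, not a 500, and the salted path hashes UTF-8 bytes explicitly so it never depends on an implicit codec.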