Make sure login do not throw exception for unknown users.

This commit is contained in:
Petter Reinholdtsen 2013-09-26 20:04:27 +02:00
parent 0954d9d383
commit 6630a8f3d5

View File

@ -27,7 +27,10 @@ def check_credentials(username, passphrase):
cfg.log(error)
return error
u = cfg.users[username]
if username in cfg.users:
u = cfg.users[username]
else:
u = None
# hash the password whether the user exists, to foil timing
# side-channel attacks
pass_hash = hashlib.md5(passphrase).hexdigest()