Merge pull request #33 from petterreinholdtsen/handle-unknown-users

Make sure login do not throw exception for unknown users.
2026-04-15 09:51:21 +00:00 · 2013-09-28 10:33:48 -07:00 · 2013-09-28 10:33:48 -07:00 · 6758aa0d36
commit 6758aa0d36
parent 0954d9d383 6630a8f3d5
1 changed files with 4 additions and 1 deletions
--- a/modules/installed/lib/auth.py
+++ b/modules/installed/lib/auth.py
@ -27,7 +27,10 @@ def check_credentials(username, passphrase):
        cfg.log(error)
        return error

-    u = cfg.users[username]
+    if username in cfg.users:
+        u = cfg.users[username]
+    else:
+        u = None
    # hash the password whether the user exists, to foil timing
    # side-channel attacks
    pass_hash = hashlib.md5(passphrase).hexdigest()