From ae1bf6c54bf2e797ca5f95b698c3683f24c71bb6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20Gr=C3=B6ger?= Date: Mon, 15 Nov 2021 22:38:49 +0100 Subject: [PATCH] [auth_ldap][fix] hash ssha from ldap3 --- flaschengeist/plugins/auth_ldap/__init__.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/flaschengeist/plugins/auth_ldap/__init__.py b/flaschengeist/plugins/auth_ldap/__init__.py index 627325a..f017815 100644 --- a/flaschengeist/plugins/auth_ldap/__init__.py +++ b/flaschengeist/plugins/auth_ldap/__init__.py @@ -6,7 +6,8 @@ from typing import Optional from flask_ldapconn import LDAPConn from flask import current_app as app from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError -from ldap3 import SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE +from ldap3 import SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE, HASHED_SALTED_SHA +from ldap3.utils.hashed import hashed from werkzeug.exceptions import BadRequest, InternalServerError, NotFound from flaschengeist import logger @@ -241,7 +242,7 @@ class AuthLDAP(AuthPlugin): password_hash = base64.b64encode(pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)).decode() return f"{{PBKDF2-SHA512}}{rounds}${base64.b64encode(salt).decode()}${password_hash}" else: - return f"{{SSHA}}{base64.b64encode(sha1(password + salt) + salt)}" + return hashed(HASHED_SALTED_SHA, password) def _get_groups(self, uid): groups = []