[auth_ldap][fix] hash ssha from ldap3

This commit is contained in:
Tim Gröger 2021-11-15 22:38:49 +01:00
parent f205291d6d
commit ae1bf6c54b
1 changed files with 3 additions and 2 deletions

View File

@ -6,7 +6,8 @@ from typing import Optional
from flask_ldapconn import LDAPConn from flask_ldapconn import LDAPConn
from flask import current_app as app from flask import current_app as app
from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError
from ldap3 import SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE from ldap3 import SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE, HASHED_SALTED_SHA
from ldap3.utils.hashed import hashed
from werkzeug.exceptions import BadRequest, InternalServerError, NotFound from werkzeug.exceptions import BadRequest, InternalServerError, NotFound
from flaschengeist import logger from flaschengeist import logger
@ -241,7 +242,7 @@ class AuthLDAP(AuthPlugin):
password_hash = base64.b64encode(pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)).decode() password_hash = base64.b64encode(pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)).decode()
return f"{{PBKDF2-SHA512}}{rounds}${base64.b64encode(salt).decode()}${password_hash}" return f"{{PBKDF2-SHA512}}{rounds}${base64.b64encode(salt).decode()}${password_hash}"
else: else:
return f"{{SSHA}}{base64.b64encode(sha1(password + salt) + salt)}" return hashed(HASHED_SALTED_SHA, password)
def _get_groups(self, uid): def _get_groups(self, uid):
groups = [] groups = []