UnknownHashError when user has a blank or null current password
pytrumpeter opened this issue · comments
When the password stored in the database for a user is blank ('') or null, passlib cannot hash the value for comparison and an UnknownHashError is returned when verify_password is called.
Reference: https://github.com/level12/gb-h2r/issues/919#issue-1321282556
We'll need more info on this one, as I have not been able to reproduce a test case.
@guruofgentoo I can't reproduce now with a null password value in the database, but I can with a blank password value by doing this in How2Recycle:
- Set a user's password to '', not null
- Remove the try/except here, which we originally added to work around this issue
- Attempt log in with that user, with any password.
The reason I wasn't reproducing a case is because the test suite uses plaintext passwords for speed. There doesn't seem to be a great way to mock in another crypt context later on, but we can mock the comparator to test that the exception is trapped.
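
Added example, not part of the thread or the project's code: one way to make the password check fail closed on a blank or unrecognised stored value, and to test the trapped exception by mocking the comparator as the last comment suggests. `StubContext`, the `verify_password` signature shown here and the sample values are assumptions; a stand-in exception class is used when passlib is not installed.

```python
from unittest import mock

try:
    from passlib.exc import UnknownHashError  # real class when passlib is present
except ImportError:
    class UnknownHashError(ValueError):
        """Stand-in (assumption) so the example runs without passlib."""


class StubContext:
    """Hypothetical plaintext context, like the one a fast test suite might use."""

    def verify(self, secret, stored):
        # Test-only comparison: never store or compare plaintext in production.
        return secret == stored


def verify_password(context, candidate, stored_hash):
    """Return True only for a real match; blank or unknown hashes deny login."""
    # A blank/null stored value must never authenticate. Without this guard a
    # plaintext comparison would accept an empty candidate against ''.
    if not stored_hash:
        return False
    try:
        return bool(context.verify(candidate, stored_hash))
    except UnknownHashError:
        # The stored value is not a hash the context recognises: deny, don't crash.
        return False


def check_exception_is_trapped():
    """Mock the comparator so it raises, then confirm the wrapper returns False."""
    ctx = StubContext()
    error = UnknownHashError("hash could not be identified")
    with mock.patch.object(ctx, "verify", side_effect=error) as comparator:
        result = verify_password(ctx, "anything", "constructed-unknown-value")
    return result, comparator.call_count


if __name__ == "__main__":
    ctx = StubContext()
    print(verify_password(ctx, "s3cret", "s3cret"))  # normal match
    print(verify_password(ctx, "", ""))              # blank stored password
    print(verify_password(ctx, "anything", None))    # null stored password
    print(check_exception_is_trapped())
```
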