httpauth.py: Don't crash if Base-64 decoding of the CSRF token fails.

author Mark Wooding <mdw@distorted.org.uk>

Thu, 23 Jan 2014 19:06:06 +0000 (19:06 +0000)

committer Mark Wooding <mdw@distorted.org.uk>

Thu, 23 Jan 2014 19:08:50 +0000 (19:08 +0000)
author Mark Wooding <mdw@distorted.org.uk>
Thu, 23 Jan 2014 19:06:06 +0000 (19:06 +0000)
committer Mark Wooding <mdw@distorted.org.uk>
Thu, 23 Jan 2014 19:08:50 +0000 (19:08 +0000)
diff --git a/httpauth.py b/httpauth.py

index 31e4ca1..739d1df 100644 (file)
--- a/httpauth.py
+++ b/httpauth.py
@@ -158,7 +158,10 @@ def hack_octets(s):
  def unhack_octets(s):
    """Reverse the operation done by `hack_octets'."""
    pad = (len(s) + 3)&3 - len(s)
-  return BN.b64decode(s + '='*pad, '+$')
+  try:
+    return BN.b64decode(s + '='*pad, '+$')
+  except TypeError:
+    raise AuthenticationFailed, 'BADNONCE'
  
  def auth_tag(sec, stamp, user):
    """Compute a tag using secret SEC on `STAMP.USER'."""
author	Mark Wooding <mdw@distorted.org.uk>
	Thu, 23 Jan 2014 19:06:06 +0000 (19:06 +0000)
committer	Mark Wooding <mdw@distorted.org.uk>
	Thu, 23 Jan 2014 19:08:50 +0000 (19:08 +0000)