ldap: decode decrypted password (#41875)

Crypto functions work with bytes.
2020-04-20 15:06:55 +02:00 · 2020-04-20 15:06:55 +02:00 · 70c6320ed9
parent a89c9a1c41
commit 70c6320ed9
2 changed files with 4 additions and 3 deletions
--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@ -318,7 +318,7 @@ class LDAPUser(User):
            password = cache.get(self.dn)
            if password is not None:
                try:
-                    password = crypto.aes_base64_decrypt(settings.SECRET_KEY, password)
+                    password = force_text(crypto.aes_base64_decrypt(settings.SECRET_KEY, password))
                except crypto.DecryptionError:
                    logging.getLogger(__name__).error('unable to decrypt a stored LDAP password')
                    self.keep_password_in_session(None)
--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@ -208,9 +208,10 @@ def test_keep_password_in_session(slapd, settings, client, db):
    assert user.ou == get_default_ou()
    assert not user.check_password(PASS)
    assert client.session['ldap-data']['password']
-    assert force_bytes(DN) in result.context['request'].user.ldap_data[b'password']
+    assert force_text(DN) in result.context['request'].user.ldap_data['password']
    assert crypto.aes_base64_decrypt(
-        settings.SECRET_KEY, result.context['request'].user.ldap_data[b'password'][force_bytes(DN)]) == force_bytes(PASS)
+        settings.SECRET_KEY,
+        force_bytes(result.context['request'].user.ldap_data['password'][force_text(DN)])) == force_bytes(PASS)


@pytest.mark.django_db