policies/hibp: ensure password is encodable
closes AUTHENTIK-1SA Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
33567b56d7
commit
6a411d7960
|
@ -45,7 +45,7 @@ class HaveIBeenPwendPolicy(Policy):
|
|||
fields=request.context.keys(),
|
||||
)
|
||||
return PolicyResult(False, _("Password not set in context"))
|
||||
password = request.context[self.password_field]
|
||||
password = str(request.context[self.password_field])
|
||||
|
||||
pw_hash = sha1(password.encode("utf-8")).hexdigest() # nosec
|
||||
url = f"https://api.pwnedpasswords.com/range/{pw_hash[:5]}"
|
||||
|
|
Reference in New Issue