fix: Handle non-ASCII characters in username comparison (viur-framewo…

…rk#1112) Login causes error 500 when e.g. umlauts are being used.
KadirBalku · Mar 19, 2024 · 82736b6 · 82736b6
1 parent cf4ce9b
commit 82736b6
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 This file documents any relevant changes done to ViUR-core since version 3.
 
+## [3.5.17]
+
+- fix: Handle non-ASCII characters in username comparison (#1112)
+
 ## [3.5.16]
 
 - chore: Dependency updates

diff --git a/src/viur/core/modules/user.py b/src/viur/core/modules/user.py
@@ -305,7 +305,7 @@ def login(self, *, name: str | None = None, password: str | None = None, **kwarg
 
         # Check if the username matches
         stored_user_name = (user_entry.get("name") or {}).get("idx") or ""
-        is_okay = secrets.compare_digest(stored_user_name, name)
+        is_okay = secrets.compare_digest(stored_user_name.encode(), name.encode())
 
         # Check if the password matches
         stored_password_hash = password_data.get("pwhash", b"-invalid-")

diff --git a/src/viur/core/version.py b/src/viur/core/version.py
@@ -3,7 +3,7 @@
 # This will mark it as a pre-release as well on PyPI.
 # See CONTRIBUTING.md for further information.
 
-__version__ = "3.5.16"
+__version__ = "3.5.17"
 
 assert __version__.count(".") >= 2 and "".join(__version__.split(".", 3)[:3]).isdigit(), \
     "Semantic __version__ expected!"