Catch exception when the client sends a false login key that isn't found in redis.

This commit is contained in:
rsakeys 2020-05-17 20:20:49 +01:00
parent dbf7e4d35e
commit 7552998bbe

View File

@ -77,7 +77,11 @@ async def handle_legacy_login(p, credentials: Credentials):
tr.delete(f'{credentials.username}.lkey', f'{credentials.username}.ckey')
login_key, _ = await tr.execute()
login_key = login_key.decode()
try:
login_key = login_key.decode()
except:
return await p.close()
login_hash = Crypto.encrypt_password(login_key + p.server.config.auth_key) + login_key
if login_key is None or login_hash != credentials.password: