Catch exception when the client sends a false login key that isn't found in redis.

2024-09-19 15:31:31 +00:00 · 2020-05-17 20:20:49 +01:00 · 2020-05-17 20:20:49 +01:00 · 7552998bbe
commit 7552998bbe
parent dbf7e4d35e
1 changed files with 5 additions and 1 deletions
--- a/houdini/handlers/login/world.py
+++ b/houdini/handlers/login/world.py
@ -77,7 +77,11 @@ async def handle_legacy_login(p, credentials: Credentials):
    tr.delete(f'{credentials.username}.lkey', f'{credentials.username}.ckey')
    login_key, _ = await tr.execute()

-    login_key = login_key.decode()
+    try:
+        login_key = login_key.decode()
+    except:
+        return await p.close()
+
    login_hash = Crypto.encrypt_password(login_key + p.server.config.auth_key) + login_key

    if login_key is None or login_hash != credentials.password: