From efe06971ac7c40ca00a2edf39ed75ed961d5a4a2 Mon Sep 17 00:00:00 2001
From: lian
Date: Wed, 14 Jul 2021 11:00:16 +0800
Subject: [PATCH] length of webdav secret should be less than 30
---
 seahub/api2/endpoints/webdav_secret.py | 5 +++++
 seahub/utils/hasher.py | 1 +
 2 files changed, 6 insertions(+)
diff --git a/seahub/api2/endpoints/webdav_secret.py b/seahub/api2/endpoints/webdav_secret.py
index 76e5258931..a83b26d6c1 100644
--- a/seahub/api2/endpoints/webdav_secret.py
+++ b/seahub/api2/endpoints/webdav_secret.py
@@ -7,6 +7,8 @@ from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
+from django.utils.translation import ugettext as _
+
 from seahub.api2.authentication import TokenAuthentication
 from seahub.api2.throttling import UserRateThrottle
 from seahub.api2.utils import api_error
@@ -43,6 +45,9 @@ class WebdavSecretView(APIView):
 username = request.user.username
 secret = request.data.get("secret", None)
+ if len(secret) >= 30:
+ return api_error(status.HTTP_400_BAD_REQUEST,
+ _("Length of WebDav password should be less then 30."))
 if secret:
 encoded = aes.encode(secret)
diff --git a/seahub/utils/hasher.py b/seahub/utils/hasher.py
index f9f7e9cb04..ac5a490b8f 100644
--- a/seahub/utils/hasher.py
+++ b/seahub/utils/hasher.py
@@ -51,4 +51,5 @@ class AESPasswordHasher:
 raise AESPasswordDecodeError
 data = data.encode('utf-8')
+ data += b'='*4
 return DecodeAES(self.cipher, data)
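Review bot: In `webdav_secret.py` the new check calls `len(secret)` before the existing `if secret:` test, so a request that omits `secret` gets `None` from `request.data.get("secret", None)` and raises `TypeError`, which surfaces as a 500 instead of reaching the branch below. Guard the check with `if secret and len(secret) >= 30:`, and consider returning a 400 for non-string values too, since a JSON number would fail the same way. The user-facing message reads "less then 30" where "less than 30" is meant. `len()` counts characters, so if the limit exists because of the size of the encoded value in storage (not visible here), multi-byte input can still exceed it. The method continues outside the hunk, so the empty-secret path cannot be checked from here.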
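Review bot: In `hasher.py` the line `data += b'='*4` is added with no comment explaining why stored values reach `DecodeAES` without padding, and it only works if the decoder silently discards surplus `=` characters. If `DecodeAES` base64-decodes its input (not visible in this hunk), `data += b'=' * (-len(data) % 4)` states the intent and leaves malformed input failing loudly. If the missing padding comes from values that were cut off in storage, the padding merely lets a truncated ciphertext decode, and the caller receives a wrong secret instead of an `AESPasswordDecodeError`; that is worth confirming with a test that round-trips a maximum-length secret. The enclosing method starts outside the hunk.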