length of webdav secret should be less than 30

2025-09-25 14:50:29 +00:00 · 2021-07-14 11:00:16 +08:00
parent 93227320f4
commit efe06971ac
2 changed files with 6 additions and 0 deletions
--- a/seahub/api2/endpoints/webdav_secret.py
+++ b/seahub/api2/endpoints/webdav_secret.py
@@ -7,6 +7,8 @@ from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView

+from django.utils.translation import ugettext as _
+
 from seahub.api2.authentication import TokenAuthentication
 from seahub.api2.throttling import UserRateThrottle
 from seahub.api2.utils import api_error
@@ -43,6 +45,9 @@ class WebdavSecretView(APIView):

        username = request.user.username
        secret = request.data.get("secret", None)
+        if len(secret) >= 30:
+            return api_error(status.HTTP_400_BAD_REQUEST,
+                             _("Length of WebDav password should be less then 30."))

        if secret:
            encoded = aes.encode(secret)
--- a/seahub/utils/hasher.py
+++ b/seahub/utils/hasher.py
@@ -51,4 +51,5 @@ class AESPasswordHasher:
            raise AESPasswordDecodeError
        data = data.encode('utf-8')

+        data += b'='*4
        return DecodeAES(self.cipher, data)