From 15cd41db839833118dbbd6ec5ca5b91a8f61685d Mon Sep 17 00:00:00 2001
From: Tom Hacohen
Date: Sun, 31 May 2020 16:28:54 +0300
Subject: [PATCH] login: gracefully handle bad login attempts.
---
 django_etesync/views.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/django_etesync/views.py b/django_etesync/views.py
index ac7a007..e73d567 100644
--- a/django_etesync/views.py
+++ b/django_etesync/views.py
@@ -647,7 +647,11 @@ class AuthenticationViewSet(viewsets.ViewSet):
 return Response(content, status=status.HTTP_400_BAD_REQUEST)
 verify_key = nacl.signing.VerifyKey(bytes(user.userinfo.loginPubkey), encoder=nacl.encoding.RawEncoder)
- verify_key.verify(response_raw, signature)
+
+ try:
+ verify_key.verify(response_raw, signature)
+ except nacl.exceptions.BadSignatureError:
+ return Response({'code': 'login_bad_signature'}, status=status.HTTP_400_BAD_REQUEST)
 data = self.login_response_data(user)
 return Response(data, status=status.HTTP_200_OK)
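Review bot: The new `except` around `verify_key.verify(response_raw, signature)` catches only `nacl.exceptions.BadSignatureError`, so a client-supplied signature that is malformed rather than merely wrong may still escape as an unhandled exception. Depending on the PyNaCl version, a detached signature of the wrong type or length is rejected before verification with `nacl.exceptions.TypeError` or `nacl.exceptions.ValueError`. Both derive from `nacl.exceptions.CryptoError`, as does `BadSignatureError`, so `except nacl.exceptions.CryptoError:` would return the same `login_bad_signature` response for all three. It would also help to log the failed attempt in that branch (the user and request source, never the signature bytes) so repeated bad logins are visible to monitoring. The enclosing method starts above the hunk, so how `signature` and `response_raw` are decoded is not visible here.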