jeans/supervisor
jeans/supervisor
1
0
Fork 0
mirror of https://github.com/home-assistant/supervisor.git synced 2025-07-23 17:16:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix password hack (#368)

Browse Source
This commit is contained in:
Pascal Vizeli 2018-02-18 11:51:11 +01:00 committed by GitHub
parent 65a2bf2d18
commit d067dd643e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
hassio/snapshots/utils.py
View File

@ -1,6 +1,9 @@
"""Util addons functions."""
import hashlib
import shutil
import re
RE_DIGITS = re.compile(r"\d+")
def password_to_key(password):
@ -15,7 +18,10 @@ def password_for_validating(password):
"""Generate a SHA256 hash from password."""
for _ in range(100):
password = hashlib.sha256(password.encode()).hexdigest()
return password
try:
return sum(map(int, RE_DIGITS.findall(password)))
except ValueError:
return 0
def key_to_iv(key):

3
hassio/snapshots/validate.py
View File

@ -29,8 +29,7 @@ SCHEMA_SNAPSHOT = vol.Schema({
vol.Required(ATTR_TYPE): vol.In([SNAPSHOT_FULL, SNAPSHOT_PARTIAL]),
vol.Required(ATTR_NAME): vol.Coerce(str),
vol.Required(ATTR_DATE): vol.Coerce(str),
vol.Inclusive(ATTR_PROTECTED, 'encrypted'):
vol.All(vol.Coerce(str), vol.Length(64)),
vol.Inclusive(ATTR_PROTECTED, 'encrypted'): vol.Coerce(int),
vol.Inclusive(ATTR_CRYPTO, 'encrypted'): CRYPTO_AES128,
vol.Optional(ATTR_HOMEASSISTANT, default=dict): vol.Schema({
vol.Optional(ATTR_VERSION): vol.Coerce(str),