From d067dd643e672f997bd9089d3c3e5b83b5211dd4 Mon Sep 17 00:00:00 2001
From: Pascal Vizeli
Date: Sun, 18 Feb 2018 11:51:11 +0100
Subject: [PATCH] Fix password hack (#368)
---
 hassio/snapshots/utils.py | 8 +++++++-
 hassio/snapshots/validate.py | 3 +--
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/hassio/snapshots/utils.py b/hassio/snapshots/utils.py
index 64b15185d..130859231 100644
--- a/hassio/snapshots/utils.py
+++ b/hassio/snapshots/utils.py
@@ -1,6 +1,9 @@
 """Util addons functions."""
 import hashlib
 import shutil
+import re
+
+RE_DIGITS = re.compile(r"\d+")
 def password_to_key(password):
@@ -15,7 +18,10 @@ def password_for_validating(password):
 """Generate a SHA256 hash from password."""
 for _ in range(100):
 password = hashlib.sha256(password.encode()).hexdigest()
- return password
+ try:
+ return sum(map(int, RE_DIGITS.findall(password)))
+ except ValueError:
+ return 0
 def key_to_iv(key):
diff --git a/hassio/snapshots/validate.py b/hassio/snapshots/validate.py
index 2c8ea9eae..7f358ddab 100644
--- a/hassio/snapshots/validate.py
+++ b/hassio/snapshots/validate.py
@@ -29,8 +29,7 @@ SCHEMA_SNAPSHOT = vol.Schema({
 vol.Required(ATTR_TYPE): vol.In([SNAPSHOT_FULL, SNAPSHOT_PARTIAL]),
 vol.Required(ATTR_NAME): vol.Coerce(str),
 vol.Required(ATTR_DATE): vol.Coerce(str),
- vol.Inclusive(ATTR_PROTECTED, 'encrypted'):
- vol.All(vol.Coerce(str), vol.Length(64)),
+ vol.Inclusive(ATTR_PROTECTED, 'encrypted'): vol.Coerce(int),
 vol.Inclusive(ATTR_CRYPTO, 'encrypted'): CRYPTO_AES128,
 vol.Optional(ATTR_HOMEASSISTANT, default=dict): vol.Schema({
 vol.Optional(ATTR_VERSION): vol.Coerce(str),
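Review bot: The `except ValueError` branch added to `password_for_validating` cannot be reached, and the docstring kept as context still describes a SHA256 hash although the function now returns an integer. `RE_DIGITS.findall()` yields only digit runs, which `int()` always accepts, and `sum()` over no matches is already 0, so the body can end with `return sum(map(int, RE_DIGITS.findall(password)))`. The docstring should state the new contract, for example `"""Return a lossy integer check value derived from the password; equal values do not prove equal passwords."""`. Because different passwords can now produce the same value, callers (outside this hunk) should not treat a match as proof that the password is correct. The value is also still an unsalted, deterministic function of the password, so it remains sensitive snapshot metadata.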
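Review bot: `vol.Coerce(int)` on `ATTR_PROTECTED` accepts anything `int()` accepts, including negative numbers and floats, and will generally reject the 64-character hex string that the removed validator required. If snapshots written in the old format exist (not visible from this hunk), their metadata would now fail schema validation, so that case deserves an explicit migration path or a clear error message. For the new format, bounding the value documents the intent: `vol.Inclusive(ATTR_PROTECTED, 'encrypted'): vol.All(vol.Coerce(int), vol.Range(min=0)),`. The `SCHEMA_SNAPSHOT` dict starts and ends outside the hunk.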