From 41ab96e142955983c4ae2c18df44bd32dcdbc529 Mon Sep 17 00:00:00 2001
From: Peter Bieringer <pb@bieringer.de>
Date: Sat, 8 Mar 2025 17:27:02 +0100
Subject: [PATCH] catch ValueError on verify, adjust log level for failed
 logins

---
 radicale/auth/htpasswd.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/radicale/auth/htpasswd.py b/radicale/auth/htpasswd.py
index e542fd72..88b73cca 100644
--- a/radicale/auth/htpasswd.py
+++ b/radicale/auth/htpasswd.py
@@ -286,12 +286,16 @@ class Auth(auth.BaseAuth):
                 login_ok = True
 
         if login_ok is True:
-            (method, password_ok) = self._verify(digest, password)
+            try:
+                (method, password_ok) = self._verify(digest, password)
+            except ValueError as e:
+                logger.warning("Login verification failed for user: '%s' (method '%s') %s", login, self._encryption, e)
+                return ""
             logger.debug("Login verification successful for user: '%s' (method '%s')", login, method)
             if password_ok:
                 return login
             else:
-                logger.debug("Login verification failed for user: '%s' ( method '%s')", login, method)
+                logger.warning("Login verification failed for user: '%s' (method '%s')", login, method)
         else:
-            logger.debug("Login verification user not found: '%s'", login)
+            logger.warning("Login verification user not found: '%s'", login)
         return ""