From a9ce7687d114fcc9c9d5dc7fff27b5a01d831cb7 Mon Sep 17 00:00:00 2001
From: Dennis Buchhorn <code@b-eit.de>
Date: Mon, 11 Dec 2023 09:12:22 +0100
Subject: [PATCH] feat[__init__.py]: add cache entry drop if password is wrong

---
 radicale-auth-ldap/__init__.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/radicale-auth-ldap/__init__.py b/radicale-auth-ldap/__init__.py
index d361529..7fbebbc 100644
--- a/radicale-auth-ldap/__init__.py
+++ b/radicale-auth-ldap/__init__.py
@@ -84,8 +84,16 @@ class UserCache:
         hashedUserName = hashlib.sha256((userName + self.salt).encode()).hexdigest()
         hashedPassword = hashlib.sha256((password + self.salt).encode()).hexdigest()
 
+        ## Check if user is in cache
         if hashedUserName in self.cache:
-            return self.cache[hashedUserName].checkSecret(hashedPassword)
+            ## Check if user password is correct
+            if self.cache[hashedUserName].checkSecret(hashedPassword):
+                return True
+            else
+                ## Delete cache entry if password is wrong
+                self.cache.pop(hashedUserName)
+
+                return False
         else:
             return False