# HG changeset patch
# User Dennis Fink <dennis.fink@c3l.lu>
# Date 2022-06-10 09:36:49
# Node ID e7524377edcb5d14c42beed862197ecaf2c79096
# Parent  bfccdcd998fcc97cd19fc1d8d50722b38b333238

werkzeug.security doesn't have a safe_str_cmp anymore. Use hmac implementation instead.

diff --git a/spaceapi/auth.py b/spaceapi/auth.py
--- a/spaceapi/auth.py
+++ b/spaceapi/auth.py
@@ -1,6 +1,7 @@
+from hmac import compare_digest
+
 from flask import current_app
 from flask_httpauth import HTTPBasicAuth, HTTPDigestAuth
-from werkzeug.security import safe_str_cmp
 
 basicauth = HTTPBasicAuth()
 httpauth = HTTPDigestAuth()
@@ -16,7 +17,7 @@ def get_pw(username):
 @basicauth.verify_password
 def verify_password(username, password):
     if username in current_app.config["HTTP_DIGEST_AUTH_USERS"]:
-        return safe_str_cmp(
+        return compare_digest(
             current_app.config["HTTP_DIGEST_AUTH_USERS"][username], password
         )
     return None