Changeset - e7524377edcb
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Dennis Fink - 3 years ago 2022-06-10 09:36:49
dennis.fink@c3l.lu
werkzeug.security doesn't have a safe_str_cmp anymore. Use hmac implementation instead.
1 file changed with 3 insertions and 2 deletions:
spaceapi/auth.py
3
2
0 comments (0 inline, 0 general)
spaceapi/auth.py
Show inline comments
 
from hmac import compare_digest
 

			




	
	
	
		
 
from flask import current_app

			




	
	
	
		
 
from flask_httpauth import HTTPBasicAuth, HTTPDigestAuth

			




	
	
	
		
 
from werkzeug.security import safe_str_cmp

			




	
	
	
		
 

			




	
	
	
		
 
basicauth = HTTPBasicAuth()

			




	
	
	
		
 
httpauth = HTTPDigestAuth()

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
@httpauth.get_password

			




	
	
		
 
@@ -13,10 +14,10 @@ def get_pw(username):

			




	
	
	
		
 
    return None

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
@basicauth.verify_password

			




	
	
	
		
 
def verify_password(username, password):

			




	
	
	
		
 
    if username in current_app.config["HTTP_DIGEST_AUTH_USERS"]:

			




	
	
	
		
 
        return safe_str_cmp(

			




	
	
	
		
 
        return compare_digest(

			




	
	
	
		
 
            current_app.config["HTTP_DIGEST_AUTH_USERS"][username], password

			




	
	
	
		
 
        )

			




	
	
	
		
 
    return None

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        Server instance: saturn-927464
    
    
        This site is powered by
            Kallithea,
        which is
        © 2010–2021 by various authors & licensed under GPLv3.
            – Support