changeset 8094:4e0442f914b9 stable

auth: accept sha256 passwords on all platforms - not only on Windows

Gives fewer surprises when changing platform.

Still, bcrypt is only supported and used on Posix. bcrypt "hashes" will have length 60 and start with '$' and will thus immediately skip the sha256 check.

The change should be safe: Users can't influence what kind of hashed key will be in the database and can thus not influence the auth method.

(We really should use bcrypt on Windows too ... or change to something more state of the art.)
author Mads Kiilerich <mads@kiilerich.com>
date Mon, 30 Dec 2019 01:02:36 +0100
parents 8b47181750a8
children 7c7d6b5c07c7
files kallithea/lib/auth.py
diffstat 1 files changed, 4 insertions(+), 2 deletions(-)
--- a/kallithea/lib/auth.py	Thu Jan 09 12:28:33 2020 +0100
+++ b/kallithea/lib/auth.py	Mon Dec 30 01:02:36 2019 +0100
@@ -28,6 +28,7 @@
 import itertools
 import logging
 import os
+import string
 
 import ipaddr
 from decorator import decorator
@@ -109,8 +110,9 @@
     :param password: password
     :param hashed: password in hashed form
     """
-
-    if is_windows:
+    # sha256 hashes will always be 64 hex chars
+    # bcrypt hashes will always contain $ (and be shorter)
+    if is_windows or len(hashed) == 64 and all(x in string.hexdigits for x in hashed):
         return hashlib.sha256(password).hexdigest() == hashed
     elif is_unix:
         import bcrypt
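Review bot: the new condition on the `if` line mixes `or` and `and` without parentheses; it parses as intended because `and` binds tighter, but `if is_windows or (len(hashed) == 64 and all(x in string.hexdigits for x in hashed)):` makes the intended grouping explicit and matches the two comments above it. Note also that the `is_windows` short-circuit means a 60-character bcrypt hash on Windows is still routed to the sha256 comparison and will simply fail there, which is the pre-existing behaviour the commit message acknowledges. Separately, `hashlib.sha256(password).hexdigest() == hashed` is an ordinary string comparison on an authentication path; `hmac.compare_digest(hashlib.sha256(password).hexdigest(), hashed)` would make it constant-time, and since this hunk already touches that branch it would be a natural place for the change.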