Changeset - 4e0442f914b9
[Not reviewed]
stable
Mads Kiilerich - 6 years ago 2019-12-30 01:02:36
mads@kiilerich.com
Grafted from: 132de80af0f2
auth: accept sha256 passwords on all platforms - not only on Windows

Give fewer surprises when changing platform.

Still, bcrypt is only supported and used on Posix.

bcrypt "hashes" will have length 60 and start with '$' and will thus
immediately skip the sha256 check.

The change should be safe: Users can't influence what kind of hashed key will
be in the database and can thus not influence the auth method.

(We really should use bcrypt on Windows too ... or change to something more
state of the art.)
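The dispatch the message describes (64 hex chars means sha256, a 60-char string starting with '$' means bcrypt), written out as an added example that is not Kallithea's own code: it uses `hmac.compare_digest` for the sha256 path instead of a plain `==`, assumes Python 3 `str` passwords, and only imports `bcrypt` when a bcrypt hash is actually stored.

```python
import hashlib
import hmac
import string


def hash_kind(hashed):
    """Classify a stored password hash by its shape.

    A sha256 hex digest is exactly 64 hex characters; a bcrypt string is
    60 characters long and starts with '$'.  Returns 'sha256', 'bcrypt'
    or None when the stored value matches neither shape.
    """
    if len(hashed) == 64 and all(c in string.hexdigits for c in hashed):
        return 'sha256'
    if len(hashed) == 60 and hashed.startswith('$'):
        return 'bcrypt'
    return None


def sha256_hash(password):
    """Produce the stored form used by the sha256 path (lowercase hex)."""
    return hashlib.sha256(password.encode('utf-8')).hexdigest()


def check_password(password, hashed):
    """Verify password against hashed using the method the hash implies."""
    kind = hash_kind(hashed)
    if kind == 'sha256':
        # string.hexdigits accepts A-F too, so normalise before comparing;
        # compare_digest does not leak how many leading characters matched.
        return hmac.compare_digest(sha256_hash(password), hashed.lower())
    if kind == 'bcrypt':
        import bcrypt  # third-party module; only needed on this path
        return bcrypt.checkpw(password.encode('utf-8'), hashed.encode('utf-8'))
    # Unknown hash shape: refuse rather than guess a method.
    return False


if __name__ == '__main__':
    # Constructed sample: a sha256-stored password and a bcrypt-shaped string.
    stored = sha256_hash('correct horse')
    print(hash_kind(stored), check_password('correct horse', stored))
    print(hash_kind('$2b$12$' + 'x' * 53))
```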
1 file changed with 4 insertions and 2 deletions:
0 comments (0 inline, 0 general)
kallithea/lib/auth.py
 
@@ -28,6 +28,7 @@ import hashlib
 
import itertools
 
import logging
 
import os
 
import string
 

	
 
import ipaddr
 
from decorator import decorator
 
@@ -109,8 +110,9 @@ def check_password(password, hashed):
 
    :param password: password
 
    :param hashed: password in hashed form
 
    """
 

	
 
    if is_windows:
 
    # sha256 hashes will always be 64 hex chars
 
    # bcrypt hashes will always contain $ (and be shorter)
 
    if is_windows or len(hashed) == 64 and all(x in string.hexdigits for x in hashed):
 
        return hashlib.sha256(password).hexdigest() == hashed
 
    elif is_unix:
 
        import bcrypt
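Review bot: the new condition `if is_windows or len(hashed) == 64 and all(x in string.hexdigits for x in hashed):` relies on `and` binding tighter than `or`, so it reads as `is_windows or (len(hashed) == 64 and ...)`; that matches the message's intent (Windows always takes the sha256 path) but explicit parentheses would make it obvious to the next reader. Two smaller points on the same lines: `string.hexdigits` also accepts `A-F` while `hexdigest()` is lowercase, so an uppercase-stored hash is routed to the sha256 branch and then fails the `==` regardless of the password, and that `==` is a plain string comparison of a password-derived digest, so `hmac.compare_digest(hashlib.sha256(password).hexdigest(), hashed)` would be the safer form now that this branch runs on every platform.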