kallithea Changeset - dedfa09af3af

Changeset - dedfa09af3af

Parent rev.

Child rev.

[Not reviewed]

default

0 1 0

Thomas De Schampheleire - 8 years ago 2017-11-10 18:06:04
thomas.de.schampheleire@gmail.com

auth: remove debug print of user password

Commit 30d61922f24eb144190052818c3fc6a24562f42b (auth: fix crash on invalid
bcrypt password) left a debug print statement of the user's password in
plaintext and its hashed equivalent.

1 file changed with 0 insertions and 1 deletions:

kallithea/lib/auth.py

0 comments (0 inline, 0 general)

kallithea/lib/auth.py

➞

Show inline comments

@@ @@ -112,25 +112,24 @@ def check_password(password, hashed): @@
     """
     Checks matching password with it's hashed value, runs different
     implementation based on platform it runs on
     :param password: password
     :param hashed: password in hashed form
     """
     if is_windows:
         return hashlib.sha256(password).hexdigest() == hashed
     elif is_unix:
         import bcrypt
         print(safe_str(password), safe_str(hashed))
         try:
             return bcrypt.checkpw(safe_str(password), safe_str(hashed))
         except ValueError as e:
             # bcrypt will throw ValueError 'Invalid hashed_password salt' on all password errors
             log.error('error from bcrypt checking password: %s', e)
             return False
     else:
         raise Exception('Unknown or unsupported platform %s'
                         % __platform__)
 def _cached_perms_data(user_id, user_is_admin, user_inherit_default_permissions,

0 comments (0 inline, 0 general)