Changeset - dedfa09af3af
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Thomas De Schampheleire - 8 years ago 2017-11-10 18:06:04
thomas.de.schampheleire@gmail.com
auth: remove debug print of user password

Commit 30d61922f24eb144190052818c3fc6a24562f42b (auth: fix crash on invalid
bcrypt password) left a debug print statement of the user's password in
plaintext and its hashed equivalent.
1 file changed with 0 insertions and 1 deletions:
kallithea/lib/auth.py
1
0 comments (0 inline, 0 general)
kallithea/lib/auth.py
Show inline comments
 
@@ -100,49 +100,48 @@ def get_crypt_password(password):
 
    """
 
    if is_windows:
 
        return hashlib.sha256(password).hexdigest()
 
    elif is_unix:
 
        import bcrypt
 
        return bcrypt.hashpw(safe_str(password), bcrypt.gensalt(10))
 
    else:
 
        raise Exception('Unknown or unsupported platform %s'
 
                        % __platform__)
 

			




	
	
	
		
 

			




	
	
	
		
 
def check_password(password, hashed):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Checks matching password with it's hashed value, runs different

			




	
	
	
		
 
    implementation based on platform it runs on

			




	
	
	
		
 

			




	
	
	
		
 
    :param password: password

			




	
	
	
		
 
    :param hashed: password in hashed form

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    if is_windows:

			




	
	
	
		
 
        return hashlib.sha256(password).hexdigest() == hashed

			




	
	
	
		
 
    elif is_unix:

			




	
	
	
		
 
        import bcrypt

			




	
	
	
		
 
        print(safe_str(password), safe_str(hashed))

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            return bcrypt.checkpw(safe_str(password), safe_str(hashed))

			




	
	
	
		
 
        except ValueError as e:

			




	
	
	
		
 
            # bcrypt will throw ValueError 'Invalid hashed_password salt' on all password errors

			




	
	
	
		
 
            log.error('error from bcrypt checking password: %s', e)

			




	
	
	
		
 
            return False

			




	
	
	
		
 
    else:

			




	
	
	
		
 
        raise Exception('Unknown or unsupported platform %s'

			




	
	
	
		
 
                        % __platform__)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def _cached_perms_data(user_id, user_is_admin, user_inherit_default_permissions,

			




	
	
	
		
 
                       explicit, algo):

			




	
	
	
		
 
    RK = 'repositories'

			




	
	
	
		
 
    GK = 'repositories_groups'

			




	
	
	
		
 
    UK = 'user_groups'

			




	
	
	
		
 
    GLOBAL = 'global'

			




	
	
	
		
 
    PERM_WEIGHTS = Permission.PERM_WEIGHTS

			




	
	
	
		
 
    permissions = {RK: {}, GK: {}, UK: {}, GLOBAL: set()}

			




	
	
	
		
 

			




	
	
	
		
 
    def _choose_perm(new_perm, cur_perm):

			




	
	
	
		
 
        new_perm_val = PERM_WEIGHTS[new_perm]

			




	
	
	
		
 
        cur_perm_val = PERM_WEIGHTS[cur_perm]

			




	
	
	
		
 
        if algo == 'higherwin':

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.