Commits

Sylvain Hellegouarch committed 7d7e165

Basic encryption now defaults to md5 if not provided. It means that by default passwords should be stored encrypted on the server.

Comments (0)

Files changed (2)

cherrypy/lib/auth.py

+import md5
 import cherrypy
 
 from httpauth import parseAuthorization, checkResponse, basicAuth, digestAuth
             raise cherrypy.HTTPError(400, 'Bad Request')
 
         if not encrypt:
-            encrypt = lambda x: x
+            encrypt = lambda x: md5.new(x).hexdigest()
 
         if callable(users):
             users = users() # expect it to return a dictionary
     realm: a string containing the authentication realm.
     users: a dict of the form: {username: password} or a callable returning a dict.
     encrypt: callable used to encrypt the password returned from the user-agent.
+             if None it defaults to a md5 encryption.
     """
     if check_auth(users, encrypt):
         return

cherrypy/test/test_httpauth.py

             return "This is protected by Basic auth."
         index.exposed = True
 
-    def md5_encrypt(data):
-        return md5.new(data).hexdigest()
-
     def fetch_users():
         return {'test': 'test'}
 
                         'tools.digestauth.users': fetch_users},
             '/basic': {'tools.basicauth.on': True,
                        'tools.basicauth.realm': 'localhost',
-                       'tools.basicauth.users': {'test': md5_encrypt('test')},
-                       'tools.basicauth.encrypt': md5_encrypt}}
+                       'tools.basicauth.users': {'test': md5.new('test').hexdigest()}}}
     root = Root()
     root.digest = DigestProtected()
     root.basic = BasicProtected()
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.