

Sylvain Hellegouarch  committed 7d7e165

Basic auth's encrypt callable now defaults to md5 if not provided. This means that, by default, passwords should be stored on the server as md5 hex digests rather than in plain text.

  • Parent commits 2f8d2f3
  • Branches default


Files changed (2)

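--- a/cherrypy/lib/auth.py
+++ b/cherrypy/lib/auth.py
+import md5
 import cherrypy
 
 from httpauth import parseAuthorization, checkResponse, basicAuth, digestAuth
             raise cherrypy.HTTPError(400, 'Bad Request')
 
         if not encrypt:
-            encrypt = lambda x: x
+            encrypt = lambda x: md5.new(x).hexdigest()
 
         if callable(users):
             users = users() # expect it to return a dictionary
     realm: a string containing the authentication realm.
     users: a dict of the form: {username: password} or a callable returning a dict.
     encrypt: callable used to encrypt the password returned from the user-agent.
+             if None it defaults to a md5 encryption.
     """
     if check_auth(users, encrypt):
         return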
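Review bot: The default installed on the `encrypt = lambda x: md5.new(x).hexdigest()` line is an unsalted, fast digest, so it protects a stored users dict only weakly: equal passwords give equal values and guesses are cheap to check offline. The docstring should say so rather than call it encryption, for example `if None it defaults to an unsalted MD5 hex digest (a one-way hash, not encryption); supply a salted, slow password hash via encrypt for production use.` The change also alters behaviour for existing configurations that keep plain-text passwords in `users` and pass no `encrypt`: they will presumably stop authenticating, which deserves a line in the docstring or changelog. The enclosing functions begin outside the visible hunks, so how the result is compared with the stored value cannot be checked here.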

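--- a/cherrypy/test/test_httpauth.py
+++ b/cherrypy/test/test_httpauth.py
             return "This is protected by Basic auth."
         index.exposed = True
 
-    def md5_encrypt(data):
-        return md5.new(data).hexdigest()
-
     def fetch_users():
         return {'test': 'test'}
 
                         'tools.digestauth.users': fetch_users},
             '/basic': {'tools.basicauth.on': True,
                        'tools.basicauth.realm': 'localhost',
-                       'tools.basicauth.users': {'test': md5_encrypt('test')},
-                       'tools.basicauth.encrypt': md5_encrypt}}
+                       'tools.basicauth.users': {'test': md5.new('test').hexdigest()}}}
     root = Root()
     root.digest = DigestProtected()
     root.basic = BasicProtected()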
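Review bot: With `'tools.basicauth.encrypt': md5_encrypt` dropped from the `/basic` config, nothing in the visible hunks exercises a caller-supplied `encrypt` callable any more, so only the new default branch of `if not encrypt` is tested. Consider keeping a second protected path that still passes its own callable, i.e. a config entry that retains `'tools.basicauth.encrypt'`, alongside the default one. A negative case would also pin the new behaviour: a `users` dict holding the plain-text password with no `encrypt` set should now be rejected. The rest of the test module is outside the visible hunks, so some of this may already be covered elsewhere.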