Commits

Jason R. Coombs committed 242c10a

Fix presumed NameError when get_ha1_dict is used. Fixes #1105.

Comments (0)

Files changed (1)

cherrypy/lib/auth_digest.py

     argument to digest_auth().
     """
     def get_ha1(realm, username):
-        return user_ha1_dict.get(user)
+        return user_ha1_dict.get(username)
 
     return get_ha1
 
 
     key
         A secret string known only to the server.
-    
+
     timestamp
         An integer seconds-since-the-epoch timestamp
-    
+
     """
     if timestamp is None:
         timestamp = int(time.time())
 
         s
             A string related to the resource, such as the hostname of the server.
-            
+
         key
             A secret string known only to the server.
-        
+
         Both s and key must be the same values which were used to synthesize the nonce
         we are trying to validate.
         """
             4.3.  This refers to the entity the user agent sent in the request which
             has the Authorization header. Typically GET requests don't have an entity,
             and POST requests do.
-        
+
         """
         ha2 = self.HA2(entity_body)
         # Request-Digest -- RFC 2617 3.2.2.1
 def digest_auth(realm, get_ha1, key, debug=False):
     """A CherryPy tool which hooks at before_handler to perform
     HTTP Digest Access Authentication, as specified in :rfc:`2617`.
-    
+
     If the request has an 'authorization' header with a 'Digest' scheme, this
     tool authenticates the credentials supplied in that header.  If
     the request has no 'authorization' header, or if it does but the scheme is
     not "Digest", or if authentication fails, the tool sends a 401 response with
     a 'WWW-Authenticate' Digest header.
-    
+
     realm
         A string containing the authentication realm.
-    
+
     get_ha1
         A callable which looks up a username in a credentials store
         and returns the HA1 string, which is defined in the RFC to be
         where username is obtained from the request's 'authorization' header.
         If username is not found in the credentials store, get_ha1() returns
         None.
-    
+
     key
         A secret string known only to the server, used in the synthesis of nonces.
-    
+
     """
     request = cherrypy.serving.request
-    
+
     auth_header = request.headers.get('authorization')
     nonce_is_stale = False
     if auth_header is not None:
             auth = HttpDigestAuthorization(auth_header, request.method, debug=debug)
         except ValueError:
             raise cherrypy.HTTPError(400, "The Authorization header could not be parsed.")
-        
+
         if debug:
             TRACE(str(auth))
-        
+
         if auth.validate_nonce(realm, key):
             ha1 = get_ha1(realm, auth.username)
             if ha1 is not None:
                         if debug:
                             TRACE("authentication of %s successful" % auth.username)
                         return
-    
+
     # Respond with 401 status and a WWW-Authenticate header
     header = www_authenticate(realm, key, stale=nonce_is_stale)
     if debug:
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.