Ticket #1410 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

Error in _check_userline for HtDigestStore

Reported by: bjoern.wolf@e-tecture.com Assigned to: mgood
Priority: high Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

The method "_check_userline" (on line 176) in class HtDigestStore? (file htfile.py) seems to reference a global variable "user" which is not there. This error prevents users from logging in if the environment has been set to use HtDigestStore?.

Attachments

Change History

04/06/07 17:40:28 changed by whereami

I think this is a case of a missing parameter. Bug was introduced in [2120].

Here's a pretty minimal patch for the 0.10 branch that just adds user as a parameter where needed. 

Index: acct_mgr/htfile.py
===================================================================
--- acct_mgr/htfile.py  (revision 2157)
+++ acct_mgr/htfile.py  (working copy)
@@ -68,7 +68,7 @@
         try:
             for line in fd:
                 if line.startswith(prefix):
-                    return self._check_userline(password, prefix,
+                    return self._check_userline(user, password, prefix,
                                                 line[len(prefix):].rstrip('\n'))
         finally:
             fd.close()
@@ -134,7 +134,7 @@
     def userline(self, user, password):
         return self.prefix(user) + htpasswd(password)
 
-    def _check_userline(self, password, prefix, suffix):
+    def _check_userline(self, user, password, prefix, suffix):
         return suffix == htpasswd(password, suffix)
 
     def _get_users(self, filename):
@@ -172,7 +172,7 @@
     def userline(self, user, password):
         return self.prefix(user) + htdigest(user, self.realm, password)
 
-    def _check_userline(self, password, prefix, suffix):
+    def _check_userline(self, user, password, prefix, suffix):
         return suffix == htdigest(user, self.realm, password)
 
     def _get_users(self, filename):

04/09/07 18:10:27 changed by brendan@kublai.com

An even smaller fix:

  • acct_mgr/htfile.py

    old new  
    173173        return self.prefix(user) + htdigest(user, self.realm, password) 
    174174 
    175175    def _check_userline(self, password, prefix, suffix): 
     176        user = prefix.split(':')[0] 
    176177        return suffix == htdigest(user, self.realm, password) 
    177178 
    178179    def _get_users(self, filename): 

04/10/07 22:28:35 changed by mgood

  • status changed from new to closed.
  • resolution set to fixed.

(In [2171]) fix bug in r2120 with checking htdigest passwords (fixes #1410)

Add/Change #1410 (Error in _check_userline for HtDigestStore)




Change Properties
Action