Modify

Opened 8 years ago

Closed 7 years ago

#1410 closed defect (fixed)

Error in _check_userline for HtDigestStore

Reported by: bjoern.wolf@… Owned by: mgood
Priority: high Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

The method "_check_userline" (on line 176) in class HtDigestStore (file htfile.py) seems to reference a global variable "user" which is not there. This error prevents users from logging in if the environment has been set to use HtDigestStore.

Attachments (0)

Change History (3)

comment:1 Changed 7 years ago by whereami

I think this is a case of a missing parameter. Bug was introduced in [2120].

Here's a pretty minimal patch for the 0.10 branch that just adds user as a parameter where needed.

  • acct_mgr/htfile.py

     
    6868        try: 
    6969            for line in fd: 
    7070                if line.startswith(prefix): 
    71                     return self._check_userline(password, prefix, 
     71                    return self._check_userline(user, password, prefix, 
    7272                                                line[len(prefix):].rstrip('\n')) 
    7373        finally: 
    7474            fd.close() 
     
    134134    def userline(self, user, password): 
    135135        return self.prefix(user) + htpasswd(password) 
    136136 
    137     def _check_userline(self, password, prefix, suffix): 
     137    def _check_userline(self, user, password, prefix, suffix): 
    138138        return suffix == htpasswd(password, suffix) 
    139139 
    140140    def _get_users(self, filename): 
     
    172172    def userline(self, user, password): 
    173173        return self.prefix(user) + htdigest(user, self.realm, password) 
    174174 
    175     def _check_userline(self, password, prefix, suffix): 
     175    def _check_userline(self, user, password, prefix, suffix): 
    176176        return suffix == htdigest(user, self.realm, password) 
    177177 
    178178    def _get_users(self, filename): 

comment:2 Changed 7 years ago by brendan@…

An even smaller fix:

  • acct_mgr/htfile.py

     
    173173        return self.prefix(user) + htdigest(user, self.realm, password) 
    174174 
    175175    def _check_userline(self, password, prefix, suffix): 
     176        user = prefix.split(':')[0] 
    176177        return suffix == htdigest(user, self.realm, password) 
    177178 
    178179    def _get_users(self, filename): 

comment:3 Changed 7 years ago by mgood

  • Resolution set to fixed
  • Status changed from new to closed

(In [2171]) fix bug in r2120 with checking htdigest passwords (fixes #1410)

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.