diff options
author | Calum Lind <calumlind+deluge@gmail.com> | 2014-02-17 23:59:07 +0000 |
---|---|---|
committer | Calum Lind <calumlind+deluge@gmail.com> | 2014-02-18 00:27:39 +0000 |
commit | 22946700ddd8c7305c083450dbba589b2f7831be (patch) | |
tree | 11e0cda2515272187e58becc2139a3436f1b5aa3 /deluge/ui/web/auth.py | |
parent | 32d5a0bab2b825c14ba0955fdbef04719788f66d (diff) | |
download | deluge-22946700ddd8c7305c083450dbba589b2f7831be.tar.gz deluge-22946700ddd8c7305c083450dbba589b2f7831be.tar.bz2 deluge-22946700ddd8c7305c083450dbba589b2f7831be.zip |
[#2310] [WebUI] Fix unicode password support
hashlib requires UTF-8 encoded string
Passes flake8 but with warning for global __request__
Diffstat (limited to 'deluge/ui/web/auth.py')
-rw-r--r-- | deluge/ui/web/auth.py | 52 |
1 files changed, 27 insertions, 25 deletions
diff --git a/deluge/ui/web/auth.py b/deluge/ui/web/auth.py index e26eab486..870bd70e3 100644 --- a/deluge/ui/web/auth.py +++ b/deluge/ui/web/auth.py @@ -32,21 +32,6 @@ # statement from all source files in the program, then also delete it here. # # - -AUTH_LEVEL_NONE = 0 -AUTH_LEVEL_READONLY = 1 -AUTH_LEVEL_NORMAL = 5 -AUTH_LEVEL_ADMIN = 10 - -AUTH_LEVEL_DEFAULT = AUTH_LEVEL_NORMAL - -class AuthError(Exception): - """ - An exception that might be raised when checking a request for - authentication. - """ - pass - import time import random import hashlib @@ -54,16 +39,25 @@ import logging from datetime import datetime, timedelta from email.utils import formatdate -from twisted.internet.defer import Deferred from twisted.internet.task import LoopingCall from deluge import component from deluge.ui.web.json_api import JSONComponent, export +from deluge.common import utf8_encoded log = logging.getLogger(__name__) +AUTH_LEVEL_NONE = 0 +AUTH_LEVEL_READONLY = 1 +AUTH_LEVEL_NORMAL = 5 +AUTH_LEVEL_ADMIN = 10 + +AUTH_LEVEL_DEFAULT = AUTH_LEVEL_NORMAL + + def make_checksum(session_id): - return reduce(lambda x,y:x+y, map(ord, session_id)) + return reduce(lambda x, y: x+y, map(ord, session_id)) + def get_session_id(session_id): """ @@ -83,12 +77,14 @@ def get_session_id(session_id): log.exception(e) return None + def make_expires(timeout): dt = timedelta(seconds=timeout) expires = time.mktime((datetime.now() + dt).timetuple()) expires_str = formatdate(timeval=expires, localtime=False, usegmt=True) return expires, expires_str + class Auth(JSONComponent): """ The component that implements authentification into the JSON interface. @@ -136,7 +132,7 @@ class Auth(JSONComponent): checksum = str(make_checksum(session_id)) request.addCookie('_session_id', session_id + checksum, - path=request.base+"json", expires=expires_str) + path=request.base+"json", expires=expires_str) log.debug("Creating session for %s", login) config = component.get("DelugeWeb").config @@ -158,7 +154,7 @@ class Auth(JSONComponent): log.debug("Received a password via the 1.2-dev auth method") m = hashlib.md5() m.update(config["pwd_salt"]) - m.update(password) + m.update(utf8_encoded(password)) if m.hexdigest() == config['pwd_md5']: # We want to move the password over to sha1 and remove # the old passwords from the config file. @@ -178,7 +174,7 @@ class Auth(JSONComponent): from base64 import decodestring m = hashlib.md5() m.update(decodestring(config["old_pwd_salt"])) - m.update(password) + m.update(utf8_encoded(password)) if m.digest() == decodestring(config["old_pwd_md5"]): # We want to move the password over to sha1 and remove @@ -194,7 +190,7 @@ class Auth(JSONComponent): log.debug("Received a password via the 1.2 auth method") s = hashlib.sha1() s.update(config["pwd_salt"]) - s.update(password) + s.update(utf8_encoded(password)) if s.hexdigest() == config["pwd_sha1"]: return True @@ -233,7 +229,7 @@ class Auth(JSONComponent): _session_id = request.getCookie("_session_id") request.addCookie('_session_id', _session_id, - path=request.base+"json", expires=expires_str) + path=request.base+"json", expires=expires_str) if method: if not hasattr(method, "_json_export"): @@ -265,7 +261,7 @@ class Auth(JSONComponent): log.debug("Changing password") salt = hashlib.sha1(str(random.getrandbits(40))).hexdigest() s = hashlib.sha1(salt) - s.update(new_password) + s.update(utf8_encoded(new_password)) config = component.get("DelugeWeb").config config["pwd_salt"] = salt config["pwd_sha1"] = s.hexdigest() @@ -303,7 +299,6 @@ class Auth(JSONComponent): :param session_id: the id for the session to remove :type session_id: string """ - d = Deferred() config = component.get("DelugeWeb").config del config["sessions"][__request__.session_id] return True @@ -318,9 +313,16 @@ class Auth(JSONComponent): :returns: a session id or False :rtype: string or False """ - if self.check_password(password): return self._create_session(__request__) else: log.error('Login failed (ClientIP %s)', __request__.getClientIP()) return False + + +class AuthError(Exception): + """ + An exception that might be raised when checking a request for + authentication. + """ + pass |