summaryrefslogtreecommitdiffstats
path: root/deluge/ui/web/auth.py
diff options
context:
space:
mode:
authorCalum Lind <calumlind+deluge@gmail.com>2014-02-17 23:59:07 +0000
committerCalum Lind <calumlind+deluge@gmail.com>2014-02-18 00:27:39 +0000
commit22946700ddd8c7305c083450dbba589b2f7831be (patch)
tree11e0cda2515272187e58becc2139a3436f1b5aa3 /deluge/ui/web/auth.py
parent32d5a0bab2b825c14ba0955fdbef04719788f66d (diff)
downloaddeluge-22946700ddd8c7305c083450dbba589b2f7831be.tar.gz
deluge-22946700ddd8c7305c083450dbba589b2f7831be.tar.bz2
deluge-22946700ddd8c7305c083450dbba589b2f7831be.zip
[#2310] [WebUI] Fix unicode password support
hashlib requires UTF-8 encoded string Passes flake8 but with warning for global __request__
Diffstat (limited to 'deluge/ui/web/auth.py')
-rw-r--r--deluge/ui/web/auth.py52
1 files changed, 27 insertions, 25 deletions
diff --git a/deluge/ui/web/auth.py b/deluge/ui/web/auth.py
index e26eab486..870bd70e3 100644
--- a/deluge/ui/web/auth.py
+++ b/deluge/ui/web/auth.py
@@ -32,21 +32,6 @@
# statement from all source files in the program, then also delete it here.
#
#
-
-AUTH_LEVEL_NONE = 0
-AUTH_LEVEL_READONLY = 1
-AUTH_LEVEL_NORMAL = 5
-AUTH_LEVEL_ADMIN = 10
-
-AUTH_LEVEL_DEFAULT = AUTH_LEVEL_NORMAL
-
-class AuthError(Exception):
- """
- An exception that might be raised when checking a request for
- authentication.
- """
- pass
-
import time
import random
import hashlib
@@ -54,16 +39,25 @@ import logging
from datetime import datetime, timedelta
from email.utils import formatdate
-from twisted.internet.defer import Deferred
from twisted.internet.task import LoopingCall
from deluge import component
from deluge.ui.web.json_api import JSONComponent, export
+from deluge.common import utf8_encoded
log = logging.getLogger(__name__)
+AUTH_LEVEL_NONE = 0
+AUTH_LEVEL_READONLY = 1
+AUTH_LEVEL_NORMAL = 5
+AUTH_LEVEL_ADMIN = 10
+
+AUTH_LEVEL_DEFAULT = AUTH_LEVEL_NORMAL
+
+
def make_checksum(session_id):
- return reduce(lambda x,y:x+y, map(ord, session_id))
+ return reduce(lambda x, y: x+y, map(ord, session_id))
+
def get_session_id(session_id):
"""
@@ -83,12 +77,14 @@ def get_session_id(session_id):
log.exception(e)
return None
+
def make_expires(timeout):
dt = timedelta(seconds=timeout)
expires = time.mktime((datetime.now() + dt).timetuple())
expires_str = formatdate(timeval=expires, localtime=False, usegmt=True)
return expires, expires_str
+
class Auth(JSONComponent):
"""
The component that implements authentification into the JSON interface.
@@ -136,7 +132,7 @@ class Auth(JSONComponent):
checksum = str(make_checksum(session_id))
request.addCookie('_session_id', session_id + checksum,
- path=request.base+"json", expires=expires_str)
+ path=request.base+"json", expires=expires_str)
log.debug("Creating session for %s", login)
config = component.get("DelugeWeb").config
@@ -158,7 +154,7 @@ class Auth(JSONComponent):
log.debug("Received a password via the 1.2-dev auth method")
m = hashlib.md5()
m.update(config["pwd_salt"])
- m.update(password)
+ m.update(utf8_encoded(password))
if m.hexdigest() == config['pwd_md5']:
# We want to move the password over to sha1 and remove
# the old passwords from the config file.
@@ -178,7 +174,7 @@ class Auth(JSONComponent):
from base64 import decodestring
m = hashlib.md5()
m.update(decodestring(config["old_pwd_salt"]))
- m.update(password)
+ m.update(utf8_encoded(password))
if m.digest() == decodestring(config["old_pwd_md5"]):
# We want to move the password over to sha1 and remove
@@ -194,7 +190,7 @@ class Auth(JSONComponent):
log.debug("Received a password via the 1.2 auth method")
s = hashlib.sha1()
s.update(config["pwd_salt"])
- s.update(password)
+ s.update(utf8_encoded(password))
if s.hexdigest() == config["pwd_sha1"]:
return True
@@ -233,7 +229,7 @@ class Auth(JSONComponent):
_session_id = request.getCookie("_session_id")
request.addCookie('_session_id', _session_id,
- path=request.base+"json", expires=expires_str)
+ path=request.base+"json", expires=expires_str)
if method:
if not hasattr(method, "_json_export"):
@@ -265,7 +261,7 @@ class Auth(JSONComponent):
log.debug("Changing password")
salt = hashlib.sha1(str(random.getrandbits(40))).hexdigest()
s = hashlib.sha1(salt)
- s.update(new_password)
+ s.update(utf8_encoded(new_password))
config = component.get("DelugeWeb").config
config["pwd_salt"] = salt
config["pwd_sha1"] = s.hexdigest()
@@ -303,7 +299,6 @@ class Auth(JSONComponent):
:param session_id: the id for the session to remove
:type session_id: string
"""
- d = Deferred()
config = component.get("DelugeWeb").config
del config["sessions"][__request__.session_id]
return True
@@ -318,9 +313,16 @@ class Auth(JSONComponent):
:returns: a session id or False
:rtype: string or False
"""
-
if self.check_password(password):
return self._create_session(__request__)
else:
log.error('Login failed (ClientIP %s)', __request__.getClientIP())
return False
+
+
+class AuthError(Exception):
+ """
+ An exception that might be raised when checking a request for
+ authentication.
+ """
+ pass