summaryrefslogtreecommitdiffstats
path: root/deluge
diff options
context:
space:
mode:
authorCalum Lind <calumlind@gmail.com>2018-10-08 16:15:21 +0100
committerCalum Lind <calumlind@gmail.com>2018-10-10 14:41:10 +0100
commit3ed4a6e8348a2a98e3aa7e78f6247bd5486f25d3 (patch)
tree1768bfd0066501d798f08d1208037f4a70b5989b /deluge
parent20fa106b8b746662cf1a884f8b2f8521a94efa68 (diff)
downloaddeluge-3ed4a6e8348a2a98e3aa7e78f6247bd5486f25d3.tar.gz
deluge-3ed4a6e8348a2a98e3aa7e78f6247bd5486f25d3.tar.bz2
deluge-3ed4a6e8348a2a98e3aa7e78f6247bd5486f25d3.zip
[WebUI] Fixes for login auth on Python 3
Remove obsolete password check code.
Diffstat (limited to 'deluge')
-rw-r--r--deluge/ui/web/auth.py70
1 files changed, 15 insertions, 55 deletions
diff --git a/deluge/ui/web/auth.py b/deluge/ui/web/auth.py
index aefd879e6..e344eaa99 100644
--- a/deluge/ui/web/auth.py
+++ b/deluge/ui/web/auth.py
@@ -105,7 +105,7 @@ class Auth(JSONComponent):
request.addCookie(
b'_session_id',
session_id + checksum,
- path=request.base + 'json',
+ path=request.base + b'json',
expires=expires_str,
)
@@ -123,58 +123,15 @@ class Auth(JSONComponent):
def check_password(self, password):
config = self.config
- if 'pwd_md5' in config.config:
- # We are using the 1.2-dev auth method
- log.debug('Received a password via the 1.2-dev auth method')
- m = hashlib.md5()
- m.update(config['pwd_salt'])
- m.update(password.encode('utf8'))
- if m.hexdigest() == config['pwd_md5']:
- # We want to move the password over to sha1 and remove
- # the old passwords from the config file.
- self._change_password(password)
- del config.config['pwd_md5']
-
- # Remove the older password if there is now.
- if 'old_pwd_md5' in config.config:
- del config.config['old_pwd_salt']
- del config.config['old_pwd_md5']
-
- return True
-
- elif 'old_pwd_md5' in config.config:
- # We are using the 1.1 webui auth method
- log.debug('Received a password via the 1.1 auth method')
- from base64 import b64decode
-
- m = hashlib.md5()
- m.update(b64decode(config['old_pwd_salt']))
- m.update(password.encode('utf8'))
- if m.digest() == b64decode(config['old_pwd_md5']):
-
- # We want to move the password over to sha1 and remove
- # the old passwords from the config file.
- self._change_password(password)
- del config.config['old_pwd_salt']
- del config.config['old_pwd_md5']
-
- return True
-
- elif 'pwd_sha1' in config.config:
- # We are using the 1.2 auth method
- log.debug('Received a password via the 1.2 auth method')
- s = hashlib.sha1()
- s.update(config['pwd_salt'])
- s.update(password.encode('utf8'))
- if s.hexdigest() == config['pwd_sha1']:
- return True
-
- else:
- # Can't detect which method we should be using so just deny
- # access.
- log.debug('Failed to detect the login method')
+ if 'pwd_sha1' not in config.config:
+ log.debug('Failed to find config login details.')
return False
+ s = hashlib.sha1()
+ s.update(config['pwd_salt'].encode('utf8'))
+ s.update(password.encode('utf8'))
+ return s.hexdigest() == config['pwd_sha1']
+
def check_request(self, request, method=None, level=None):
"""
Check to ensure that a request is authorised to call the specified
@@ -189,8 +146,11 @@ class Auth(JSONComponent):
:raises: Exception
"""
-
- session_id = get_session_id(request.getCookie('_session_id'))
+ cookie_sess_id = request.getCookie(b'_session_id')
+ if cookie_sess_id:
+ session_id = get_session_id(cookie_sess_id.decode())
+ else:
+ session_id = None
if session_id not in self.config['sessions']:
auth_level = AUTH_LEVEL_NONE
@@ -201,12 +161,12 @@ class Auth(JSONComponent):
expires, expires_str = make_expires(self.config['session_timeout'])
session['expires'] = expires
- _session_id = request.getCookie('_session_id')
+ _session_id = request.getCookie(b'_session_id')
request.addCookie(
b'_session_id',
_session_id,
path=request.base + b'json',
- expires=expires_str,
+ expires=expires_str.encode('utf8'),
)
if method: