Simplify authentication code.

2026-01-21 07:55:00 +00:00 · 2013-09-08 16:53:40 -05:00 · 2013-09-08 16:53:40 -05:00 · dc5139bd2d
commit dc5139bd2d
parent ad7f932fe8
1 changed files with 4 additions and 6 deletions
--- a/modules/installed/lib/auth.py
+++ b/modules/installed/lib/auth.py
@ -28,13 +28,11 @@ def check_credentials(username, passphrase):
        return error

    u = cfg.users[username]
+    # hash the password whether the user exists, to foil timing
+    # side-channel attacks
+    pass_hash = hashlib.md5(passphrase).hexdigest()

-    if u is None:
-        # hash the password whether the user exists, to foil timing
-        # side-channel attacks
-        hashlib.md5(passphrase).hexdigest()
-        error = "Bad user-name or password."
-    elif u['passphrase'] != hashlib.md5(passphrase).hexdigest():
+    if u is None or u['passphrase'] != pass_hash:
        error = "Bad user-name or password."
    else:
        error = None