From dc5139bd2d9928b3113b1d42d66f361fa3aa587a Mon Sep 17 00:00:00 2001
From: Nick Daly
Date: Sun, 8 Sep 2013 16:53:40 -0500
Subject: [PATCH] Simplify authentication code.
---
 modules/installed/lib/auth.py | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/modules/installed/lib/auth.py b/modules/installed/lib/auth.py
index 98f931faf..74f387595 100644
--- a/modules/installed/lib/auth.py
+++ b/modules/installed/lib/auth.py
@@ -28,13 +28,11 @@ def check_credentials(username, passphrase):
 return error
 u = cfg.users[username]
+ # hash the password whether the user exists, to foil timing
+ # side-channel attacks
+ pass_hash = hashlib.md5(passphrase).hexdigest()
- if u is None:
- # hash the password whether the user exists, to foil timing
- # side-channel attacks
- hashlib.md5(passphrase).hexdigest()
- error = "Bad user-name or password."
- elif u['passphrase'] != hashlib.md5(passphrase).hexdigest():
+ if u is None or u['passphrase'] != pass_hash:
 error = "Bad user-name or password."
 else:
 error = None
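Review bot: The comment above the new `pass_hash` line promises timing-side-channel resistance, but the comparison `u['passphrase'] != pass_hash` still stops at the first differing character, so response time can reveal how much of the stored digest matched. A constant-time comparison closes that gap, e.g. `if u is None or not hmac.compare_digest(u['passphrase'], pass_hash):`; this needs `import hmac`, which is not visible in the hunk, and assumes the stored value is a plain hex string. Separately, the credential is an unsalted single-round MD5 digest, which is cheap to brute-force if the user store leaks. Moving to a salted, deliberately slow KDF such as `hashlib.pbkdf2_hmac` deserves a follow-up, since it changes the stored format. `check_credentials` starts and ends outside the hunk, so how `error` is used afterwards was not reviewed.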