nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-05-20 10:34:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Simplify authentication code.

Browse Source
This commit is contained in:
Nick Daly 2013-09-08 16:53:40 -05:00
parent ad7f932fe8
commit dc5139bd2d
1 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modules/installed/lib/auth.py
View File

@ -28,13 +28,11 @@ def check_credentials(username, passphrase):
return error return error
u = cfg.users[username] u = cfg.users[username]
# hash the password whether the user exists, to foil timing
# side-channel attacks
pass_hash = hashlib.md5(passphrase).hexdigest()
if u is None: if u is None or u['passphrase'] != pass_hash:
# hash the password whether the user exists, to foil timing
# side-channel attacks
hashlib.md5(passphrase).hexdigest()
error = "Bad user-name or password."
elif u['passphrase'] != hashlib.md5(passphrase).hexdigest():
error = "Bad user-name or password." error = "Bad user-name or password."
else: else:
error = None error = None