« Previous | Next » 

Revision 23ccba04

ID23ccba047bf479fc45aa33ab3a851e3e75f8de75

Added by Michael Hanselmann about 12 years ago

http.auth: Fix bug with checking hashed passwords

When username and password were sent for a resource not requiring
authentication, it wouldn't be accepted if the user in question had a
hashed password. The reason was that the function GetAuthRealm used to
return None if no authentication was necessary. However, the
authentication realm is necessary to verify hashed passwords. This is
fixed by requiring GetAuthRealm to always return a realm and separating
the decision whether to require authentication or not to a separate
function.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

Files

  • added
  • modified
  • copied
  • renamed
  • deleted

View differences