« Previous | Next » 

Revision 23ccba04


Added by Michael Hanselmann over 14 years ago

http.auth: Fix bug with checking hashed passwords

When username and password were sent for a resource not requiring
authentication, it wouldn't be accepted if the user in question had a
hashed password. The reason was that the function GetAuthRealm used to
return None if no authentication was necessary. However, the
authentication realm is necessary to verify hashed passwords. This is
fixed by requiring GetAuthRealm to always return a realm and separating
the decision whether to require authentication or not to a separate

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>


  • added
  • modified
  • copied
  • renamed
  • deleted

View differences