Commits on Sep 28, 2011
  1. Prep 2.0 release.

    tseaver committed Sep 28, 2011
Commits on May 24, 2011
  1. Prep 2.0b1 release.

    tseaver committed May 24, 2011
Commits on May 18, 2011
  1. Unintended.

    tseaver committed May 18, 2011
Commits on May 13, 2011
  1. Typo.

    tseaver committed May 13, 2011
Commits on Apr 5, 2011
  1. All identifiers play on remember / forget.

    Unless the application limits by passing an identifier_name.
    tseaver committed Apr 5, 2011
  2. Import fix.

    tseaver committed Apr 5, 2011
Commits on Mar 31, 2011
  1. typo (thanks luke)

    mcdonc committed Mar 31, 2011
Commits on Mar 16, 2011
  1. Ignore derived.

    tseaver committed Mar 16, 2011
Commits on Mar 15, 2011
  1. Warn off potential optimizers.

    tseaver committed Mar 15, 2011
Commits on Mar 12, 2011
  1. Defend timing-based attacks against htpasswd.

    diff --git a/CHANGES.txt b/CHANGES.txt
    index 9724da1..b8695a1 100644
    --- a/CHANGES.txt
    +++ b/CHANGES.txt
    @@ -1,6 +1,12 @@
     repoze.who Changelog
     ====================
    
    +Unreleased
    +----------
    +
    +
    +
     2.0a4 (2011-02-02)
     ------------------
    
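    Review bot: The new "Unreleased" section is left empty even though this commit changes authentication behaviour in repoze/who/plugins/htpasswd.py; add an entry under it stating that htpasswd checks no longer return early on the first match and that password/hash comparison is now done by a length-padded, constant-time helper, so users reading the changelog can see why the release matters.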
    @@ -35,6 +41,7 @@ repoze.who Changelog
       otherwise need to use private methods of the API, and reach down into
       its plugins.
    
    +
     2.0a3 (2010-09-30)
     ------------------
    
    @@ -71,6 +78,7 @@ repoze.who Changelog
       (added missing ``global_config`` argument).  See
       http://bugs.repoze.org/issue114
    
    +
     2.0a2 (2010-03-25)
     ------------------
    
    @@ -88,6 +96,7 @@ Backward Incompatibilities
       to ``debug``.
    
    +
     2.0a1 (2010-02-24)
     ------------------
    
    @@ -153,6 +162,7 @@ Backward Incompatibilities
       - ``verify``
    
    +
     1.0.18 (2009-11-05)
     -------------------
    
    @@ -161,6 +171,7 @@ Backward Incompatibilities
       ``Expires`` attributes of those cookies.
    
    +
     1.0.17 (2009-11-05)
     -------------------
    
    @@ -169,6 +180,7 @@ Backward Incompatibilities
       file).
    
    +
     1.0.16 (2009-11-04)
     -------------------
    
    diff --git a/repoze/who/plugins/htpasswd.py b/repoze/who/plugins/htpasswd.py
    index f21bb0e..13c418a 100644
    --- a/repoze/who/plugins/htpasswd.py
    +++ b/repoze/who/plugins/htpasswd.py
    @@ -1,3 +1,5 @@
    +import itertools
    +
     from zope.interface import implements
    
     from repoze.who.interfaces import IAuthenticator
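    Review bot: itertools.izip_longest only exists on Python 2.6 and later and was renamed itertools.zip_longest in Python 3, so this import pins the module to 2.6/2.7; if the project's supported versions go outside that range, wrap the import in a try/except ImportError that falls back to the other name, and mention the new minimum in CHANGES.txt.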
    @@ -31,6 +33,7 @@ class HTPasswdPlugin(object):
                                                       'file %s' % self.filename)
                     return None
    
    +        result = None
             for line in f:
                 try:
                     username, hashed = line.rstrip().split(':', 1)
    @@ -38,20 +41,30 @@ class HTPasswdPlugin(object):
                     continue
                 if username == login:
                     if self.check(password, hashed):
    -                    return username
    -        return None
    +                    result = username
    +                    # Don't bail early:  leaks information!!
    +        return result
    
         def __repr__(self):
             return '<%s %s>' % (self.__class__.__name__,
                                 id(self)) #pragma NO COVERAGE
    
    +PADDING = ' ' * 1000
    +
    +def _same_string(x, y):
    +    match = True
    +    for a, b, ignored in itertools.izip_longest(x, y, PADDING):
    +        match = a == b and match
    +    return match
    +
     def crypt_check(password, hashed):
         from crypt import crypt
         salt = hashed[:2]
    -    return hashed == crypt(password, salt)
    +    return _same_string(hashed, crypt(password, salt))
    
     def plain_check(password, hashed):
    -    return hashed == password
    +    return _same_string(password, hashed)
    +
    
     def make_plugin(filename=None, check_fn=None):
         if filename is None:
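    Review bot: The timing equalisation in this hunk is incomplete on two counts. First, 'self.check(password, hashed)' is still only invoked when 'username == login', so a request for a login that is absent from the file skips the crypt call entirely and returns faster than a request for an existing user with a wrong password; that difference still reveals which usernames exist. Running the check against a fixed dummy hash when no line matched (or against every line) would close that gap. Second, in '_same_string' the statement 'match = a == b and match' short-circuits: when 'a == b' is False the right-hand operand is never evaluated, so per-character work is still data dependent; 'match &= (a == b)' evaluates both sides unconditionally. Note also that PADDING hides length differences only for inputs shorter than 1000 characters, which is adequate for crypt output but is worth stating in a comment next to the constant.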
    @@ -60,5 +73,3 @@ def make_plugin(filename=None, check_fn=None):
             raise ValueError('check_fn must be specified')
         check = resolveDotted(check_fn)
         return HTPasswdPlugin(filename, check)
    -
    -
    tseaver committed Mar 12, 2011
  2. Ignore derived.

    tseaver committed Mar 12, 2011
Commits on Feb 22, 2011
  1. Add CONTRIBUTORS.txt signing machinery.

    Concept / language borrowed from the Pylons project.
    tseaver committed Feb 22, 2011
Commits on Feb 2, 2011
  1. don't try to autocompute version; change by hand

    Chris McDonough committed Feb 2, 2011
  2. Prep 2.0a4 release.

    tseaver committed Feb 2, 2011
Commits on Jan 10, 2011
  1. Make 'make_api_factory_with_config' tolerate bad config filename/content.

    In such cases, the API factory will have *no* configured plugins or policies:
    it will only be useful for retrieving the API from an environment populated by
    middleware.  Issue warnings for either case.
    tseaver committed Jan 10, 2011
  2. Fix speling.

    tseaver committed Jan 10, 2011
Commits on Dec 27, 2010
  1. Garden changelog.

    tseaver committed Dec 27, 2010
  2. Typo in date format

    jinty committed Dec 27, 2010
  3. fix rst2htm errors

    jinty committed Dec 27, 2010
Commits on Dec 17, 2010
  1. When the auth_tkt plugin is passed secure=True, add HttpOnly to the cookie.

    I'm not completely sure of this one, so adding it as a separate patch. It seems
    reasonable in this case to always add the HttpOnly option whether secure is
    True or False. But that may break sites needing to access the auth_tkt via JS.
    But I cannot even imagine a sane use case for that.
    
    A third option would be to add an HttpOnly option to the plugin __init__ which
    defaults to True.
    jinty committed Dec 17, 2010
  2. Fix auth_tkt plugin to add "secure" to cookies when it is configured with secure=True.

    Before, this was not added, meaning that cookies could be sent by the browser
    over insecure channels.
    jinty committed Dec 17, 2010
Commits on Dec 16, 2010
  1. Fix bug in repoze.who.api where the remember() or forget() methods could

    return a None if the identifier plugin returned a None. According to the
    interfaces in repoze.who.interfaces the API methods cannot return None while
    the plugin methods can.
    
    I'm not entirely sure this fix is right. I'm assuming that the interface
    documentation is more correct than the code in this case.
    jinty committed Dec 16, 2010