[Checkins] SVN: zope.password/trunk/src/zope/password/password.py LDAP does not use the URL-safe base64 encoding! See http://www.openldap.org/faq/data/cache/347.html.
Martijn Pieters
mj at zopatista.com
Sun Feb 20 10:29:04 EST 2011
Log message for revision 120469:
LDAP does not use the URL-safe base64 encoding! See http://www.openldap.org/faq/data/cache/347.html.
Correct to use the standard encoding instead.
Changed:
U zope.password/trunk/src/zope/password/password.py
-=-
Modified: zope.password/trunk/src/zope/password/password.py
===================================================================
--- zope.password/trunk/src/zope/password/password.py 2011-02-20 15:14:41 UTC (rev 120468)
+++ zope.password/trunk/src/zope/password/password.py 2011-02-20 15:29:04 UTC (rev 120469)
@@ -15,8 +15,8 @@
"""
__docformat__ = 'restructuredtext'
-from base64 import urlsafe_b64encode
-from base64 import urlsafe_b64decode
+from base64 import standard_b64encode
+from base64 import standard_b64decode
from os import urandom
from codecs import getencoder
try:
@@ -113,8 +113,8 @@
same salt, so we can be sure, our output is compatible with
standard LDAP tools that also use SSHA::
- >>> from base64 import urlsafe_b64decode
- >>> salt = urlsafe_b64decode('XkOZbw==')
+ >>> from base64 import standard_b64decode
+ >>> salt = standard_b64decode('XkOZbw==')
>>> password = 'secret'
>>> encoded = manager.encodePassword(password, salt)
>>> encoded
@@ -149,14 +149,14 @@
salt = urandom(4)
hash = sha1(_encoder(password)[0])
hash.update(salt)
- return '{SSHA}' + urlsafe_b64encode(hash.digest() + salt)
+ return '{SSHA}' + standard_b64encode(hash.digest() + salt)
def checkPassword(self, encoded_password, password):
# urlsafe_b64decode() cannot handle unicode input string. We
# encode to ascii. This is safe as the encoded_password string
# should not contain non-ascii characters anyway.
encoded_password = encoded_password.encode('ascii')
- byte_string = urlsafe_b64decode(encoded_password[6:])
+ byte_string = standard_b64decode(encoded_password[6:])
salt = byte_string[20:]
return encoded_password == self.encodePassword(password, salt)
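Review bot: In checkPassword, an `{SSHA}` value written by the previous revision whose base64 text contains `-` or `_` can no longer compare equal, because the final comparison is against encodePassword() output that now only uses `+` and `/`. Any such stored hashes would presumably stop authenticating after the upgrade. Normalising the stored text before decoding keeps them valid: `b64 = encoded_password[6:].replace('-', '+').replace('_', '/')`, then `byte_string = standard_b64decode(b64)`, and `return '{SSHA}' + b64 == self.encodePassword(password, salt)`. The comment above the `.encode('ascii')` call still names `urlsafe_b64decode()` and should read `standard_b64decode()`. encodePassword's body starts outside the hunk.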