From 7ce6bc8b123ff7b3dfe0ebf84b67f304d9d504dd Mon Sep 17 00:00:00 2001
From: Ferry Boender
Date: Mon, 30 Mar 2015 22:38:45 +0200
Subject: [PATCH] Authentication passwords are now sha256 hashed. Use --generate-pw to generate the proper hashed password.
---
 examples/auth/README.md | 5 +++++
 examples/auth/auth.json | 4 ++--
 examples/simple/htaccess | 2 ++
 src/scriptform.py | 36 +++++++++++++++++++++++++++++-------
 4 files changed, 38 insertions(+), 9 deletions(-)

diff --git a/examples/auth/README.md b/examples/auth/README.md
index 05df1b8..e9c8a66 100644
--- a/examples/auth/README.md
+++ b/examples/auth/README.md
@@ -3,3 +3,8 @@ ScriptForm auth example
 This example shows how to authenticate users. Everyone must authenticate. Only user 'test2' is allowed to see and execute the 'only_some_users' form.
+
+The credentials are:
+
+ test:secret
+ test2:password
diff --git a/examples/auth/auth.json b/examples/auth/auth.json
index b5c00fa..82fdeef 100644
--- a/examples/auth/auth.json
+++ b/examples/auth/auth.json
@@ -1,8 +1,8 @@
 {
 "title": "Authorization protected",
 "users": {
- "test": "secret",
- "test2": "password"
+ "test": "2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b",
+ "test2": "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
 },
 "forms": {
 "do_nothing": {
diff --git a/examples/simple/htaccess b/examples/simple/htaccess
index e69de29..326cc19 100644
--- a/examples/simple/htaccess
+++ b/examples/simple/htaccess
@@ -0,0 +1,2 @@
+a:{SHA}qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+fb:{SHA}MW7uIgOKtXmGLGk4ZKZl/cYBAjw=
diff --git a/src/scriptform.py b/src/scriptform.py
index b04117e..9bed598 100755
--- a/src/scriptform.py
+++ b/src/scriptform.py
@@ -23,6 +23,7 @@ import datetime
 import subprocess
 import base64
 import tempfile
+import hashlib
 
 html_header = '''
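Review bot: The new digests in the `users` map carry no algorithm or salt marker, so nothing in auth.json tells a reader or a loader that these are unsalted hex SHA-256 values rather than the cleartext the old side stored; the `{SHA}` prefix used by the htaccess example in this same commit shows the usual convention. A tagged form such as `"test": "sha256:2bb80d53…a25b"`, if the loader is taught to parse it, would let a later move to salted, iterated hashing be recognised per entry instead of requiring every hash to be regenerated on the same day. Note also that an unsalted digest of a dictionary word — the README states the second user's password is "password" — is recoverable from public lookup tables; that is acceptable for a shipped example, but worth saying in the README next to the credentials so nobody copies the pattern for real users.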
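Review bot: The two added entries use the `{SHA}` form (base64 of a SHA-1 digest, the htpasswd convention), whereas the hashing this commit introduces in scriptform.py compares hex SHA-256 digests; if this file is meant to be consumed by ScriptForm's own authentication it will not validate, and if it is only an example for a web server in front of ScriptForm it is unrelated to the commit's subject. Which of the two it is cannot be told from the diff, so a leading comment stating it — e.g. `# Apache htpasswd {SHA} entries (base64 SHA-1), not the hex SHA-256 format used in auth.json` — would keep the two formats from being confused.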
@@ -287,9 +288,10 @@ class ScriptFormWebApp(WebAppHandler):
 if auth_header is not None:
 auth_realm, auth_unpw = auth_header.split(' ', 1)
 username, password = base64.decodestring(auth_unpw).split(":")
+ pw_hash = hashlib.sha256(password).hexdigest()
 
 # Validate the username and password
 if username in self.scriptform.users and \
- password == self.scriptform.users[username]:
+ pw_hash == self.scriptform.users[username]:
 self.username = username
 authorized = True
@@ -603,15 +605,35 @@ class ScriptForm:
 WebSrv(ScriptFormWebApp, listen_addr=listen_addr, listen_port=listen_port)
 
-if __name__ == "__main__":
- parser = optparse.OptionParser()
- parser.set_usage(sys.argv[0] + " [option] ")
-
- parser.add_option("-p", "--port", dest="port", action="store", type="int", default=80, help="Port to listen on.")
+def main_generate_pw(parser, options, args):
+ import getpass
+ plain_pw = getpass.getpass()
+ if not plain_pw == getpass.getpass('Repeat password: '):
+ sys.stderr.write("Passwords do not match.\n")
+ sys.exit(1)
+ print hashlib.sha256(plain_pw).hexdigest()
+ sys.exit(0)
 
- (options, args) = parser.parse_args()
+def main_serve(parser, options, args):
 
 if len(args) < 1:
 parser.error("Insufficient number of arguments")
 
 sf = ScriptForm(args[0])
 sf.run(listen_port=options.port)
+
+if __name__ == "__main__":
+ usage = [
+ sys.argv[0] + " [option] ",
+ " " + sys.argv[0] + " --generate-pw",
+ ]
+ parser = optparse.OptionParser()
+ parser.set_usage('\n'.join(usage))
+
+ parser.add_option("-g", "--generate-pw", dest="generate_pw", action="store_true", default=False, help="Generate password")
+ parser.add_option("-p", "--port", dest="port", action="store", type="int", default=80, help="Port to listen on")
+
+ (options, args) = parser.parse_args()
+ if options.generate_pw:
+ main_generate_pw(parser, options, args)
+ else:
+ main_serve(parser, options, args)
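Review bot: On the `pw_hash == self.scriptform.users[username]:` line the new hash is checked with ordinary string equality, and the hash itself is a single unsalted SHA-256 of the password, so identical passwords share a stored value and well-known passwords (the example "password" entry in auth.json) are found in public lookup tables instantly. Replace the comparison with `hmac.compare_digest(pw_hash, self.scriptform.users[username])` (stdlib from Python 2.7.7/3.3, needs `import hmac` at the top of the file) so the comparison does not leak the matching prefix length through timing, and plan a move to a salted, iterated scheme such as `hashlib.pbkdf2_hmac` (2.7.8/3.4) with a per-user salt stored next to the digest — the `--generate-pw` helper added later in this patch is where that tuple would be produced. Independently of the new lines, the context line `username, password = base64.decodestring(auth_unpw).split(":")` raises ValueError for any password containing a colon, which RFC 7617 permits; `split(":", 1)` fixes it. The enclosing request handler starts and ends outside this hunk.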
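Review bot: `main_generate_pw` re-implements the stored-password derivation as `hashlib.sha256(plain_pw).hexdigest()`, the same expression the request handler uses in the earlier hunk; two copies of the scheme will drift the first time one of them changes (for instance when a salt is added), and every existing hash then silently stops matching. Factor it into one module-level helper, `def hash_password(plain_pw): return hashlib.sha256(plain_pw).hexdigest()`, called from both places, with a docstring saying its output is the on-disk format of the `users` values in the form definition file (auth.json in the examples). The generator also accepts an empty password without complaint — `getpass.getpass()` returns "" when the user just presses Enter — so a guard like `if not plain_pw: sys.stderr.write("Empty password.\n"); sys.exit(1)` before the repeat prompt would be cheap. The `parser`, `options` and `args` parameters of `main_generate_pw` are unused; that is fine for a uniform dispatch signature, but a one-line comment saying so would stop a reader looking for where they matter.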