From: philipp
Date: Fri, 10 May 2019 22:14:52 +0000 (+0000)
Subject: Update function password_is_correct to work with Python 3.
X-Git-Url: https://git.toastfreeware.priv.at/philipp/winterrodeln/wradmin.git/commitdiff_plain/66217feb573c60e1a988420c700a45124a18236a
Update function password_is_correct to work with Python 3.
git-svn-id: http://www.winterrodeln.org/svn/wradmin/trunk@2814 7aebc617-e5e2-0310-91dc-80fb5f6d2477
---
diff --git a/wradmin/auth/__init__.py b/wradmin/auth/__init__.py
index 1292b99..be8296c 100644
--- a/wradmin/auth/__init__.py
+++ b/wradmin/auth/__init__.py
@@ -1,14 +1,15 @@
-from authkit.users import md5, AuthKitError
+from base64 import b64decode, b64encode
+from hashlib import pbkdf2_hmac, md5
 def password_is_correct(password_plain, password_db):
 """Returns true if a plain text password corresponds to the hash of the password as stored in the MediaWiki db.
- :param password_plain: plain text password, e.g. 'abc'
- :param password_db: complete password line as stored in the database, e.g. ':pbkdf2:sha256:10000:128:EXgVGhc2mAs710feKvkiaw==:J5fYth9pg/R2d0F8bSsYfTR8SBpTBNIcdv/DgJ0tOPC1rtajl2Dr0RLqOozLb8O0XpDhtv4a3JJd/M0b58WebfNWAcdJBJI9nNeC0EYYD7OCYZGVAaRhiYtK4m53KZBBL6x/k2j4RjHPT1NmgV8Fr1DPqBNOlOHxUIh5z5oslM4='
+ :param password_plain: plain text password as string, e.g. 'abc'
+ :param password_db: complete password line as string as stored in the database, e.g. ':pbkdf2:sha256:10000:128:EXgVGhc2mAs710feKvkiaw==:J5fYth9pg/R2d0F8bSsYfTR8SBpTBNIcdv/DgJ0tOPC1rtajl2Dr0RLqOozLb8O0XpDhtv4a3JJd/M0b58WebfNWAcdJBJI9nNeC0EYYD7OCYZGVAaRhiYtK4m53KZBBL6x/k2j4RjHPT1NmgV8Fr1DPqBNOlOHxUIh5z5oslM4='
 """
 if not password_db.startswith(':'):
- raise AuthKitError("Password entry in the database does have an unexpected format (does not start with ':').")
+ raise ValueError("Password entry in the database does have an unexpected format (does not start with ':').")
 pwd_parts = password_db[1:].split(':')
 pwd_type = pwd_parts[0]
 if pwd_type == 'B':
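Review bot: The malformed-entry error changes type from `AuthKitError` to `ValueError` at `raise ValueError("Password entry in the database ...")`, and the docstring still does not say that the function raises at all. Callers are not visible in this diff; any that catch `AuthKitError` to treat a bad database row as a failed login would now let the exception propagate, so they should be checked alongside this change. I would add `:raises ValueError: if password_db does not have a recognised format` and `:return: True if the password matches the stored hash, False otherwise` to the docstring. The function body continues beyond this hunk.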
@@ -16,17 +17,16 @@ def password_is_correct(password_plain, password_db):
 # example: password_db == ':B:d25b2886:41e46c952790b1b442aac4f24f7ea7a8'
 # pwd_parts == ['B', 'd25b2886', '41e46c952790b1b442aac4f24f7ea7a8']
 if len(pwd_parts) != 3:
- raise AuthKitError("Password entry in the database does have an unexpected format (too few ':').")
+ raise ValueError("Password entry in the database does have an unexpected format (too few ':').")
 salt, pwd_md5 = tuple(pwd_parts[1:3]) # salt = 'd25b2886'; pwd_md5 = '41e46c952790b1b442aac4f24f7ea7a8'
 # log.info("user: '%s'; md5 of salt+' '+entered_pwd: '%s'; md5-part of DB-pwd: %s" % (username, md5(salt + '-' + md5(password)), pwd_md5))
- return md5(salt + '-' + md5(password_plain)) == pwd_md5
+ salt_and_plain = salt + '-' + md5(password_plain.encode()).hexdigest()
+ return md5(salt_and_plain.encode()).hexdigest() == pwd_md5
 elif pwd_type == 'pbkdf2':
 if len(pwd_parts) != 6:
- raise AuthKitError("Password entry in the database does have an unexpected format (too few ':').")
+ raise ValueError("Password entry in the database does have an unexpected format (too few ':').")
 _, algorithm, rounds, num_bit, salt, pwd_hash = pwd_parts
- from base64 import b64decode, b64encode
- from hashlib import pbkdf2_hmac
 salt = b64decode(salt)
- hash = pbkdf2_hmac(algorithm, password_plain, salt, int(rounds), int(num_bit))
- hash = b64encode(hash)
+ hash = pbkdf2_hmac(algorithm, password_plain.encode(), salt, int(rounds), int(num_bit))
+ hash = b64encode(hash).decode()
 return hash == pwd_hash
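Review bot: Both branches compare the computed digest with the stored one using `==` (`return md5(salt_and_plain.encode()).hexdigest() == pwd_md5` and `return hash == pwd_hash`), which is not a constant-time comparison. For a password check I would use `hmac.compare_digest`, e.g. `return hmac.compare_digest(hash.encode(), pwd_hash.encode())` and the same form for the MD5 hex strings, with `import hmac` added next to the other imports. Separately, `int(num_bit)` is passed as `dklen`, which hashlib counts in bytes, so the name is misleading and worth a comment or a rename. The hunk has only one trailing context line, which suggests the function ends here; if so, an unrecognised `pwd_type` returns None implicitly instead of raising `ValueError` like the other malformed-entry paths.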