
replace too simple autodetection with hash length by proper regular expression

Peter Bieringer 1 month ago
parent
commit
5214287875
1 changed files with 7 additions and 16 deletions
  1. 7 16
      radicale/auth/htpasswd.py

+ 7 - 16
radicale/auth/htpasswd.py

@@ -191,37 +191,28 @@ class Auth(auth.BaseAuth):
         return ("ARGON2", argon2.verify(password, hash_value.strip()))
 
     def _md5apr1(self, hash_value: str, password: str) -> tuple[str, bool]:
-        if self._encryption == "autodetect" and len(hash_value) != 37:
-            return self._plain_fallback("MD5-APR1", hash_value, password)
-        else:
-            return ("MD5-APR1", apr_md5_crypt.verify(password, hash_value.strip()))
+        return ("MD5-APR1", apr_md5_crypt.verify(password, hash_value.strip()))
 
     def _sha256(self, hash_value: str, password: str) -> tuple[str, bool]:
-        if self._encryption == "autodetect" and len(hash_value) != 63:
-            return self._plain_fallback("SHA-256", hash_value, password)
-        else:
-            return ("SHA-256", sha256_crypt.verify(password, hash_value.strip()))
+        return ("SHA-256", sha256_crypt.verify(password, hash_value.strip()))
 
     def _sha512(self, hash_value: str, password: str) -> tuple[str, bool]:
-        if self._encryption == "autodetect" and len(hash_value) != 106:
-            return self._plain_fallback("SHA-512", hash_value, password)
-        else:
-            return ("SHA-512", sha512_crypt.verify(password, hash_value.strip()))
+        return ("SHA-512", sha512_crypt.verify(password, hash_value.strip()))
 
     def _autodetect(self, hash_value: str, password: str) -> tuple[str, bool]:
-        if hash_value.startswith("$apr1$", 0, 6):
+        if re.match(r"^\$apr1\$[A-Za-z0-9/.]{8}\$[A-Za-z0-9/.]{22}", hash_value):
             # MD5-APR1
             return self._md5apr1(hash_value, password)
-        elif re.match(r"^\$2(a|b|x|y)?\$", hash_value):
+        elif re.match(r"^\$2(a|b|x|y)?\$[0-9]{2}\$[A-Za-z0-9/.]{53}", hash_value):
             # BCRYPT
             return self._verify_bcrypt(hash_value, password)
         elif re.match(r"^\$argon2(i|d|id)\$", hash_value):
             # ARGON2
             return self._verify_argon2(hash_value, password)
-        elif hash_value.startswith("$5$", 0, 3):
+        elif re.match(r"^\$5\$(rounds=[0-9]+\$)?[A-Za-z0-9/.]{16}\$[A-Za-z0-9/.]{42}", hash_value):
             # SHA-256
             return self._sha256(hash_value, password)
-        elif hash_value.startswith("$6$", 0, 3):
+        elif re.match(r"^\$6\$(rounds=[0-9]+\$)?[A-Za-z0-9/.]{16}\$[A-Za-z0-9/.]{85}", hash_value):
             # SHA-512
             return self._sha512(hash_value, password)
         else:
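Review bot: The new patterns on the `$5$` and `$6$` branches require a salt of exactly 16 characters, but as far as I know the sha-crypt scheme (and the `sha256_crypt`/`sha512_crypt` verifiers called below) accepts salts shorter than that, so a valid hash with a short salt no longer matches here and falls through to the `else` branch instead of reaching `_sha256`/`_sha512`; the `$apr1$` pattern has the same issue, fixing the salt at 8 where md5-crypt allows up to 8. The checksum quantifiers are also one short of the real digest lengths (43 for SHA-256, 86 for SHA-512) and only still match because `re.match` is not end-anchored, which a reader is likely to take as an exact-length check. I would loosen the salt quantifiers and use the true checksum lengths, e.g. `r"^\$5\$(rounds=[0-9]+\$)?[A-Za-z0-9/.]{0,16}\$[A-Za-z0-9/.]{43}"` and `r"^\$6\$(rounds=[0-9]+\$)?[A-Za-z0-9/.]{0,16}\$[A-Za-z0-9/.]{86}"`, with `{0,8}` for the apr1 salt. `_autodetect` continues past the end of the hunk, so what the `else` branch does with values that match none of the patterns is not visible here.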