Merge branch 'master' into python3
[wrw.git] / wrw / auth.py
index 4ae292d..1858214 100644 (file)
@@ -1,9 +1,9 @@
 import binascii, hashlib, threading, time
-import resp
+from . import resp
 
 class unauthorized(resp.httperror):
     def __init__(self, challenge, message=None, detail=None):
-        super(unauthorized, self).__init__(401, message, detail)
+        super().__init__(401, message, detail)
         if isinstance(challenge, str):
             challenge = [challenge]
         self.challenge = challenge
@@ -11,11 +11,11 @@ class unauthorized(resp.httperror):
     def handle(self, req):
         for challenge in self.challenge:
             req.ohead.add("WWW-Authenticate", challenge)
-        return super(unauthorized, self).handle(req)
+        return super().handle(req)
 
 class forbidden(resp.httperror):
     def __init__(self, message=None, detail=None):
-        super(forbidden, self).__init__(403, message, detail)
+        super().__init__(403, message, detail)
 
 def parsemech(req):
     h = req.ihead.get("Authorization", None)
@@ -31,9 +31,17 @@ def parsebasic(req):
     if mech != "basic":
         return None, None
     try:
+        data = data.encode("us-ascii")
+    except UnicodeError:
+        return None, None
+    try:
         raw = binascii.a2b_base64(data)
     except binascii.Error:
         return None, None
+    try:
+        raw = raw.decode("utf-8")
+    except UnicodeError:
+        raw = raw.decode("latin1")
     p = raw.find(":")
     if p < 0:
         return None, None
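Review bot: The latin1 fallback added after the UTF-8 attempt (`raw = raw.decode("latin1")`) can never fail, so any byte string that survives base64 decoding becomes a user name and password, including ones carrying NUL, CR or LF. RFC 7617 excludes control characters from both fields, so I would reject them before the split, e.g. `if any(ord(c) < 0x20 or ord(c) == 0x7f for c in raw): return None, None`. The fallback itself deserves a comment such as `# Clients that do not honour a UTF-8 charset hint typically send ISO-8859-1; accept that when the bytes are not valid UTF-8.` parsebasic begins and ends outside this hunk, so whether a later step already filters such input is not visible here.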
@@ -51,9 +59,9 @@ class basiccache(object):
 
     def _obscure(self, nm, pw):
         dig = hashlib.sha256()
-        dig.update(self.realm)
-        dig.update(nm)
-        dig.update(pw)
+        dig.update(self.realm.encode("utf-8"))
+        dig.update(nm.encode("utf-8"))
+        dig.update(pw.encode("utf-8"))
         return dig.digest()
 
     def check(self, req):
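Review bot: `_obscure` has no docstring, and now that its result depends on a fixed UTF-8 encoding of all three fields it should say what the digest is and is not. I would document that it returns an unsalted, unkeyed SHA-256 over realm, name and password concatenated with no separator, and that its purpose is to keep the plaintext password out of the cache, not to store passwords safely. The cache key visible further down, `self._cache[nm, pwh]`, carries the name separately, which appears to cover the missing field boundary, but a separator or length prefix would make the digest unambiguous on its own. If cache contents could ever leave the process (core dump, debug output), keying the digest with a per-process random secret via `hmac.new(key, ..., hashlib.sha256)` would make offline guessing against it much harder; that is a follow-up rather than part of this port.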
@@ -76,7 +84,7 @@ class basiccache(object):
         with lock:
             try:
                 ret = self.auth(req, nm, pw)
-            except forbidden, exc:
+            except forbidden as exc:
                 with self._lock:
                     self._cache[nm, pwh] = (lock, now, "f", exc)
                 raise
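Review bot: Caching the exception instance in `self._cache[nm, pwh] = (lock, now, "f", exc)` has a side effect under Python 3 that it did not have under Python 2. The instance carries `exc.__traceback__`, whose frames keep their locals alive, and here those locals include the plaintext `pw` passed to `self.auth(req, nm, pw)` as well as `req`. That retains in the cache exactly what `_obscure` is meant to keep out of it, and the bare `raise` that follows keeps extending the traceback on the same object. I would cache only the data needed to rebuild the error (for instance its message and detail). Failing that, clear `exc.__traceback__` wherever the cached instance is read back and re-raised, and add a comment on this line explaining why. The enclosing method starts and ends outside this hunk, so the read-back path is not visible here.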