authorbwarsaw2001-05-31 21:17:47 +0000
committerbwarsaw2001-05-31 21:17:47 +0000
commit4b5470eedfb4e6515b391cd961f38ddff2a7c015 (patch)
treea7f55152b6c4c1c6dd13d83b077ab913f176f9e5 /Mailman/SecurityManager.py
parent669d5dc5f59ce37c47b0eeb2a4b823435d9067bd (diff)
Authenticate(): When sha hex digesting the response, save the results
in a temporary variable and check that variable against the secret (this is so that subsequent checks have the raw password).
Diffstat (limited to 'Mailman/SecurityManager.py')
-rw-r--r--Mailman/SecurityManager.py6
1 files changed, 4 insertions, 2 deletions
diff --git a/Mailman/SecurityManager.py b/Mailman/SecurityManager.py
index 7104f75a7..5745ef7a3 100644
--- a/Mailman/SecurityManager.py
+++ b/Mailman/SecurityManager.py
@@ -141,10 +141,12 @@ class SecurityManager:
# response being passed in is plain text, so we need to
# digestify it first.
if ac in (mm_cfg.AuthListAdmin, mm_cfg.AuthListModerator):
- response = sha.new(response).hexdigest()
+ chkresponse = sha.new(response).hexdigest()
+ else:
+ chkresponse = response
key, secret = self.AuthContextInfo(ac, user)
- if secret is not None and response == secret:
+ if secret is not None and chkresponse == secret:
return ac
return mm_cfg.UnAuthorized
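Review bot: The credential check `chkresponse == secret` is an ordinary string equality, which may return as soon as the first differing character is found; a constant-time comparison such as `hmac.compare_digest(chkresponse, secret)` is the safer form where the interpreter provides it. The new `else: chkresponse = response` branch also shows that for contexts other than AuthListAdmin and AuthListModerator the raw response is compared directly with the stored secret, which suggests those secrets are held unhashed, while the admin and moderator secret is an unsalted `sha` hex digest. It would help to add a comment above the `if ac in (...)` test, for example `# chkresponse is only for comparison; response stays plain text for later contexts`, so that a later edit does not reintroduce the overwrite this commit removes. The enclosing Authenticate() body, including the loop that supplies `ac`, starts and ends outside the hunk, so how `response` is used afterwards is not visible here.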