Open volkerjaenisch opened 6 months ago
Dear aiosmtpd people! Thank you for your work!
The "authenticated replayer" example has two bugs:
Here the fixed code.
class Authenticator: def __init__(self, auth_database): self.auth_db = Path(auth_database) self.ph = PasswordHasher() def __call__(self, server, session, envelope, mechanism, auth_data): fail_nothandled = AuthResult(success=False, handled=False) if mechanism not in ("LOGIN", "PLAIN"): return fail_nothandled if not isinstance(auth_data, LoginPassword): return fail_nothandled username = auth_data.login.decode() password = auth_data.password.decode() conn = sqlite3.connect(self.auth_db) curs = conn.execute( "SELECT hashpass FROM userauth WHERE username=?", (username,) ) hash_db = curs.fetchone() conn.close() if not hash_db: return fail_nothandled if not self.ph.verify(hash_db[0], password): return fail_nothandled return AuthResult(success=True)
Cheers, Volker
Dear aiosmtpd people! Thank you for your work!
The "authenticated replayer" example has two bugs:
Here the fixed code.
Cheers, Volker