Storing-passwords-as-hash-digests is incorrect in the documentation

BingYanchi commented 4 years ago

https://pyftpdlib.readthedocs.io/en/latest/tutorial.html?highlight=md5#storing-passwords-as-hash-digests

Prompt after running:

Traceback (most recent call last):
  File "d:/Github/ArkManager/python/test.py", line 35, in <module>
    main()
  File "d:/Github/ArkManager/python/test.py", line 25, in main    
    hash = md5('12345').hexdigest()
TypeError: Unicode-objects must be encoded before hashing

I change to hash = md5('12345'.encode('latin1')).hexdigest()

File "d:/Github/ArkManager/python/test.py", line 15, in validate_authentication
        hash = md5(password).hexdigest()
    TypeError: object supporting the buffer API required

But still report an error, I hope to give the corresponding new method

lurch commented 4 years ago

Yeah, looks like the example should be changed from:

    hash = md5('12345').hexdigest()

to:

    password = '12345'
    if sys.version_info >= (3, 0):
        password = password.encode('latin1')
    hash = md5(password).hexdigest()

(because Python 3 treats bytes differently to strings)

Also, looks like:

    def validate_authentication(self, username, password, handler):
        if sys.version_info >= (3, 0):
            password = md5(password.encode('latin1'))
        hash = md5(password).hexdigest()

should probably be:

    def validate_authentication(self, username, password, handler):
        if sys.version_info >= (3, 0):
            password = password.encode('latin1')
        hash = md5(password).hexdigest()

?

No point calling the md5 function twice! :laughing:

giampaolo commented 4 years ago

Anyone up for a PR? :D

giampaolo / pyftpdlib

Storing-passwords-as-hash-digests is incorrect in the documentation #532