search

offmessage / pyscrobbler

Python bindings for the last.fm API
http://github.com/offmessage/pyscrobbler
8 stars 0 forks source link

Add password hashed flag capability to AudioScrobblerPost #3

Open offmessage opened 14 years ago

offmessage commented 14 years ago

In my copy of the library, I have added a flag (defaulting to False) which tells whether the password given is plain-text or a hash (for added security). This is in turn used to determine whether the password is hashed before hashing it with the value of 'ask'. I think this should be added to the public source-code.

Excerpts from my copy:

class AudioScrobblerPost:
    def __init__(self,
                      hashedpass=False):
    self.params = dict(username=username,
                               hashedpass=hashedpass)
    username = self.params['username']
    password = self.params['password']
    hashed = self.params['hashedpass']
    if response[0].startswith('UPTODATE'):
        if hashed: answer = hashlib.md5(password + ask).hexdigest()
        else: answer = hashlib.md5(hashlib.md5(password).hexdigest() +
                                                 ask).hexdigest()
    elif response[0].startswith('UPDATE'):
        if hashed: answer = hashlib.md5(password + ask).hexdigest()
        else: answer = hashlib.md5(hashlib.md5(password).hexdigest() +
                                                 ask).hexdigest()

The above are just the parts of code changed to allow this functionality (which includes my update from the deprecated 'md5' module to the 'hashlib' module for hashing).

(originally opened by http://code.google.com/u/faazshift/ at http://code.google.com/p/pyscrobbler/issues/detail?id=11)