Merge ~cjwatson/launchpad:basic-auth-password-bytes into launchpad:master

Proposed by Colin Watson
Status: Merged
Approved by: Colin Watson
Approved revision: c40b35abe7c8a1002bead6b8205e2c026d421b0b
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~cjwatson/launchpad:basic-auth-password-bytes
Merge into: launchpad:master
Diff against target: 14 lines (+2/-1)
1 file modified
lib/lp/services/webapp/ (+2/-1)
Reviewer: Cristian Gonzalez (community)
Review status: Approve

Commit message

Treat basic auth password as bytes

Description of the change

zope.publisher.http.HTTPRequest._authUserPW decodes the username and password in a basic auth header to bytes, so we must compare the password that way.

Cristian Gonzalez (cristiangsp) wrote :

Looks good!

review: Approve

Preview Diff

1diff --git a/lib/lp/services/webapp/ b/lib/lp/services/webapp/
2index 81a2384..c778407 100644
3--- a/lib/lp/services/webapp/
4+++ b/lib/lp/services/webapp/
5@@ -69,7 +69,8 @@ class PlacelessAuthUtility:
6 principal = login_src.getPrincipalByLogin(login)
7 if principal is not None and principal.person.is_valid_person:
8 password = credentials.getPassword()
9- if password == config.launchpad.basic_auth_password:
10+ if (password ==
11+ config.launchpad.basic_auth_password.encode('ASCII')):
12 # We send a LoggedInEvent here, when the
13 # cookie auth below sends a PrincipalIdentified,
14 # as the login form is never visited for BasicAuth.
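Review bot: the added comparison `password == config.launchpad.basic_auth_password.encode('ASCII')` is still a plain `==` on a shared secret, which is not constant-time; now that both operands are bytes, `hmac.compare_digest(password, expected)` would fit here, provided `credentials.getPassword()` always returns bytes at this point. The same expression calls `.encode('ASCII')` on the configured value on every request, so a non-ASCII character in `basic_auth_password` would raise UnicodeEncodeError here instead of simply failing the match; either encode once with an explicit error path or document that the setting must be ASCII. The diff touches one file only, so a test that exercises basic auth with a bytes password would be worth adding with it.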

