python3-flask-httpauth: update to 4.8.1

Update package to 4.8.1. Security fix: - Empty or missing tokens are no longer accepted; previously this could allow bypassing token authentication Documentation improvements: new installation section, revised docs, fixed broken links. Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2026-04-15 10:51:55 +00:00 · 2026-04-09 08:25:46 +03:00
parent b5a553b457
commit bf34f9abb4
2 changed files with 43 additions and 3 deletions
--- a/lang/python/python-flask-httpauth/Makefile
+++ b/lang/python/python-flask-httpauth/Makefile
@@ -8,11 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=python-flask-httpauth
-PKG_VERSION:=4.8.0
+PKG_VERSION:=4.8.1
 PKG_RELEASE:=1

-PYPI_NAME:=Flask-HTTPAuth
-PKG_HASH:=66568a05bc73942c65f1e2201ae746295816dc009edd84b482c44c758d75097a
+PYPI_NAME:=flask-httpauth
+PYPI_SOURCE_NAME:=flask_httpauth
+PKG_HASH:=88499b22f1353893743c3cd68f2ca561c4ad9ef75cd6bcc7f621161cd0e80744

 PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
 PKG_LICENSE:=MIT
--- a/lang/python/python-flask-httpauth/test.sh
+++ b/lang/python/python-flask-httpauth/test.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+[ "$1" = python3-flask-httpauth ] || exit 0
+
+python3 - << 'EOF'
+from flask import Flask
+from flask_httpauth import HTTPBasicAuth
+
+app = Flask(__name__)
+auth = HTTPBasicAuth()
+
+users = {"alice": "secret"}
+
+@auth.verify_password
+def verify_password(username, password):
+    return users.get(username) == password
+
+@app.route("/protected")
+@auth.login_required
+def protected():
+    return f"Hello, {auth.current_user()}!"
+
+with app.test_client() as client:
+    # No auth -> 401
+    resp = client.get("/protected")
+    assert resp.status_code == 401, f"Expected 401, got {resp.status_code}"
+
+    # Wrong password -> 401
+    import base64
+    bad = base64.b64encode(b"alice:wrong").decode()
+    resp = client.get("/protected", headers={"Authorization": f"Basic {bad}"})
+    assert resp.status_code == 401, f"Expected 401, got {resp.status_code}"
+
+    # Correct credentials -> 200
+    good = base64.b64encode(b"alice:secret").decode()
+    resp = client.get("/protected", headers={"Authorization": f"Basic {good}"})
+    assert resp.status_code == 200, f"Expected 200, got {resp.status_code}"
+    assert b"Hello, alice" in resp.data
+EOF