From bf34f9abb45319ae367f3f833f6962b27e409bcb Mon Sep 17 00:00:00 2001
From: Alexandru Ardelean
Date: Thu, 9 Apr 2026 08:25:46 +0300
Subject: [PATCH] python3-flask-httpauth: update to 4.8.1

Update package to 4.8.1. Security fix: - Empty or missing tokens are no longer accepted; previously this could allow bypassing token authentication Documentation improvements: new installation section, revised docs, fixed broken links.
Signed-off-by: Alexandru Ardelean
---
 lang/python/python-flask-httpauth/Makefile | 7 ++--
 lang/python/python-flask-httpauth/test.sh | 39 ++++++++++++++++++++++
 2 files changed, 43 insertions(+), 3 deletions(-)
 create mode 100755 lang/python/python-flask-httpauth/test.sh
diff --git a/lang/python/python-flask-httpauth/Makefile b/lang/python/python-flask-httpauth/Makefile
index 0af7945109..21444599d4 100644
--- a/lang/python/python-flask-httpauth/Makefile
+++ b/lang/python/python-flask-httpauth/Makefile
@@ -8,11 +8,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=python-flask-httpauth
-PKG_VERSION:=4.8.0
+PKG_VERSION:=4.8.1
 PKG_RELEASE:=1
-PYPI_NAME:=Flask-HTTPAuth
-PKG_HASH:=66568a05bc73942c65f1e2201ae746295816dc009edd84b482c44c758d75097a
+PYPI_NAME:=flask-httpauth
+PYPI_SOURCE_NAME:=flask_httpauth
+PKG_HASH:=88499b22f1353893743c3cd68f2ca561c4ad9ef75cd6bcc7f621161cd0e80744
 PKG_MAINTAINER:=Alexandru Ardelean
 PKG_LICENSE:=MIT
diff --git a/lang/python/python-flask-httpauth/test.sh b/lang/python/python-flask-httpauth/test.sh
new file mode 100755
index 0000000000..b9f15b7a65
--- /dev/null
+++ b/lang/python/python-flask-httpauth/test.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+[ "$1" = python3-flask-httpauth ] || exit 0
+
+python3 - << 'EOF'
+from flask import Flask
+from flask_httpauth import HTTPBasicAuth
+
+app = Flask(__name__)
+auth = HTTPBasicAuth()
+
+users = {"alice": "secret"}
+
+@auth.verify_password
+def verify_password(username, password):
+ return users.get(username) == password
+
+@app.route("/protected")
+@auth.login_required
+def protected():
+ return f"Hello, {auth.current_user()}!"
+
+with app.test_client() as client:
+ # No auth -> 401
+ resp = client.get("/protected")
+ assert resp.status_code == 401, f"Expected 401, got {resp.status_code}"
+
+ # Wrong password -> 401
+ import base64
+ bad = base64.b64encode(b"alice:wrong").decode()
+ resp = client.get("/protected", headers={"Authorization": f"Basic {bad}"})
+ assert resp.status_code == 401, f"Expected 401, got {resp.status_code}"
+
+ # Correct credentials -> 200
+ good = base64.b64encode(b"alice:secret").decode()
+ resp = client.get("/protected", headers={"Authorization": f"Basic {good}"})
+ assert resp.status_code == 200, f"Expected 200, got {resp.status_code}"
+ assert b"Hello, alice" in resp.data
+EOF
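Review bot: The new test.sh exercises only `HTTPBasicAuth`, while the commit message gives the reason for this update as token authentication no longer accepting empty or missing tokens, so the behaviour the bump is meant to deliver is never checked on the target. A second route guarded by `HTTPTokenAuth`, with assertions that a request with no `Authorization` header and one with an empty `Bearer` value both return 401, would cover it; a sketch follows. These assertions would presumably also pass on an older version whose callback simply finds no match for an empty string, so recording the values the callback receives and asserting none is empty would pin the fix more tightly. Whether 4.8.1 skips the callback or rejects afterwards is not visible from this page. The token below is a constructed sample value.

```shell
python3 - << 'EOF'
from flask_httpauth import HTTPBasicAuth, HTTPTokenAuth
# … unchanged: app, HTTPBasicAuth setup and the /protected route …

token_auth = HTTPTokenAuth(scheme="Bearer")
tokens = {"constructed-test-token": "alice"}  # constructed sample value

@token_auth.verify_token
def verify_token(token):
    return tokens.get(token)

@app.route("/token-protected")
@token_auth.login_required
def token_protected():
    return f"Hello, {token_auth.current_user()}!"

with app.test_client() as client:
    # … unchanged: Basic auth checks …

    # Missing token -> 401
    resp = client.get("/token-protected")
    assert resp.status_code == 401, f"Expected 401, got {resp.status_code}"

    # Empty token -> 401
    resp = client.get("/token-protected", headers={"Authorization": "Bearer "})
    assert resp.status_code == 401, f"Expected 401, got {resp.status_code}"

    # Valid token -> 200
    resp = client.get("/token-protected", headers={"Authorization": "Bearer constructed-test-token"})
    assert resp.status_code == 200, f"Expected 200, got {resp.status_code}"
```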