mirror of
https://github.com/openwrt/packages.git
synced 2026-04-15 19:02:09 +00:00
bf34f9abb4
Update package to 4.8.1. Security fix: - Empty or missing tokens are no longer accepted; previously this could allow bypassing token authentication Documentation improvements: new installation section, revised docs, fixed broken links. Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
40 lines
1.1 KiB
Bash
Executable File
40 lines
1.1 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
[ "$1" = python3-flask-httpauth ] || exit 0
|
|
|
|
python3 - << 'EOF'
|
|
from flask import Flask
|
|
from flask_httpauth import HTTPBasicAuth
|
|
|
|
app = Flask(__name__)
|
|
auth = HTTPBasicAuth()
|
|
|
|
users = {"alice": "secret"}
|
|
|
|
@auth.verify_password
|
|
def verify_password(username, password):
|
|
return users.get(username) == password
|
|
|
|
@app.route("/protected")
|
|
@auth.login_required
|
|
def protected():
|
|
return f"Hello, {auth.current_user()}!"
|
|
|
|
with app.test_client() as client:
|
|
# No auth -> 401
|
|
resp = client.get("/protected")
|
|
assert resp.status_code == 401, f"Expected 401, got {resp.status_code}"
|
|
|
|
# Wrong password -> 401
|
|
import base64
|
|
bad = base64.b64encode(b"alice:wrong").decode()
|
|
resp = client.get("/protected", headers={"Authorization": f"Basic {bad}"})
|
|
assert resp.status_code == 401, f"Expected 401, got {resp.status_code}"
|
|
|
|
# Correct credentials -> 200
|
|
good = base64.b64encode(b"alice:secret").decode()
|
|
resp = client.get("/protected", headers={"Authorization": f"Basic {good}"})
|
|
assert resp.status_code == 200, f"Expected 200, got {resp.status_code}"
|
|
assert b"Hello, alice" in resp.data
|
|
EOF
|