Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix authentication #375

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Conversation

remram44
Copy link

What do these changes do?

Update the documentation and example to mention that auth_required=True should be set when setting authenticator, otherwise clients can still send messages with no authentication.

Are there changes in behavior for the user?

No

Related issue number

#374

Checklist

  • I think the code is well written
  • Unit tests for the changes exist
  • tox testenvs have been executed in the following environments:
    • Linux (Ubuntu 18.04, Ubuntu 20.04, Arch): {py36,py37,py38,py39}-{nocov,cov,diffcov}, qa, docs
    • Windows (7, 10): {py36,py37,py38,py39}-{nocov,cov,diffcov}
    • WSL 1.0 (Ubuntu 18.04): {py36,py37,py38,py39}-{nocov,cov,diffcov}, pypy3-{nocov,cov}, qa, docs
    • FreeBSD (12.2, 12.1, 11.4): {py36,pypy3}-{nocov,cov,diffcov}, qa
    • Cygwin: py36-{nocov,cov,diffcov}, qa, docs
  • Documentation reflects the changes
  • Add a news fragment into the NEWS.rst file

@remram44
Copy link
Author

remram44 commented Apr 13, 2023

This also fixes other issues with the example, such as the username not being decoded from bytes (so no row would ever be found in the database), Argon2 being used incorrectly (it uses a random seed, you can't hash multiple passwords and compare the hashes, use verify()), and auth_require_tls=False (otherwise you can't auth at all).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant