debug log which password hash method was used

2025-04-06 06:37:36 +03:00 · 2024-12-30 08:17:44 +01:00 · 2024-12-30 08:17:44 +01:00 · ddd099accd
commit ddd099accd
parent 8e97b709bf
1 changed files with 7 additions and 6 deletions
--- a/radicale/auth/htpasswd.py
+++ b/radicale/auth/htpasswd.py
@ -96,19 +96,19 @@ class Auth(auth.BaseAuth):

    def _plain(self, hash_value: str, password: str) -> bool:
        """Check if ``hash_value`` and ``password`` match, plain method."""
-        return hmac.compare_digest(hash_value.encode(), password.encode())
+        return ("PLAIN", hmac.compare_digest(hash_value.encode(), password.encode()))

    def _bcrypt(self, bcrypt: Any, hash_value: str, password: str) -> bool:
-        return bcrypt.checkpw(password=password.encode('utf-8'), hashed_password=hash_value.encode())
+        return ("BCRYPT", bcrypt.checkpw(password=password.encode('utf-8'), hashed_password=hash_value.encode()))

    def _md5apr1(self, hash_value: str, password: str) -> bool:
-        return apr_md5_crypt.verify(password, hash_value.strip())
+        return ("MD5-APR1", apr_md5_crypt.verify(password, hash_value.strip()))

    def _sha256(self, hash_value: str, password: str) -> bool:
-        return sha256_crypt.verify(password, hash_value.strip())
+        return ("SHA-256", sha256_crypt.verify(password, hash_value.strip()))

    def _sha512(self, hash_value: str, password: str) -> bool:
-        return sha512_crypt.verify(password, hash_value.strip())
+        return ("SHA-512", sha512_crypt.verify(password, hash_value.strip()))

    def _autodetect(self, hash_value: str, password: str) -> bool:
        if hash_value.startswith("$apr1$", 0, 6) and len(hash_value) == 37:
@ -151,8 +151,9 @@ class Auth(auth.BaseAuth):
                            # timing attacks, see #591.
                            login_ok = hmac.compare_digest(
                                hash_login.encode(), login.encode())
-                            password_ok = self._verify(hash_value, password)
+                            (method, password_ok) = self._verify(hash_value, password)
                            if login_ok and password_ok:
+                                logger.debug("Password verification for user '%s' with method '%s': password_ok=%s", login, method, password_ok)
                                return login
                        except ValueError as e:
                            raise RuntimeError("Invalid htpasswd file %r: %s" %