
Commit bdaf0aa

committed
use constant-time comparison on password
1 parent b680628 commit bdaf0aa


1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

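--- a/aiohttp_remotes/basic_auth.py
+++ b/aiohttp_remotes/basic_auth.py
@@ -1,5 +1,6 @@
 import base64
 import binascii
+from secrets import compare_digest
 from typing import Awaitable, Callable, Iterable
 
 from typing_extensions import NoReturn
@@ -58,7 +59,9 @@ async def middleware(
 
 username, password = credentials
 
-if username != self._username or password != self._password:
+if username != self._username or not compare_digest(
+password, self._password
+):
 return await self.raise_error(request)
 
 return await handler(request)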
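Review bot: The credential check on the new `if` line is still not constant-time overall: `username != self._username` is an ordinary comparison and the `or` short-circuits, so `compare_digest` only runs once the username already matches, and response timing can still distinguish a known username from an unknown one. `compare_digest` on `str` arguments also raises `TypeError` for non-ASCII input, so if `password` is a decoded `str` at this point (the decoding is outside the hunk), a client-supplied non-ASCII password would surface as an unhandled error rather than the normal rejection via `raise_error`. Comparing encoded bytes for both fields and combining the results afterwards addresses both: `user_ok = compare_digest(username.encode("utf-8"), self._username.encode("utf-8"))`, `pass_ok = compare_digest(password.encode("utf-8"), self._password.encode("utf-8"))`, `if not (user_ok and pass_ok):`. The body of `middleware` starts above this hunk, so the type of `credentials` should be confirmed there before applying this.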
