From: Alexandru Ardelean Date: Thu, 9 Apr 2026 05:25:46 +0000 (+0300) Subject: python3-flask-httpauth: update to 4.8.1 X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=bf34f9abb45319ae367f3f833f6962b27e409bcb;p=openwrt-packages.git python3-flask-httpauth: update to 4.8.1 Update package to 4.8.1. Security fix: - Empty or missing tokens are no longer accepted; previously this could allow bypassing token authentication Documentation improvements: new installation section, revised docs, fixed broken links. Signed-off-by: Alexandru Ardelean --- diff --git a/lang/python/python-flask-httpauth/Makefile b/lang/python/python-flask-httpauth/Makefile index 0af794510..21444599d 100644 --- a/lang/python/python-flask-httpauth/Makefile +++ b/lang/python/python-flask-httpauth/Makefile @@ -8,11 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-flask-httpauth -PKG_VERSION:=4.8.0 +PKG_VERSION:=4.8.1 PKG_RELEASE:=1 -PYPI_NAME:=Flask-HTTPAuth -PKG_HASH:=66568a05bc73942c65f1e2201ae746295816dc009edd84b482c44c758d75097a +PYPI_NAME:=flask-httpauth +PYPI_SOURCE_NAME:=flask_httpauth +PKG_HASH:=88499b22f1353893743c3cd68f2ca561c4ad9ef75cd6bcc7f621161cd0e80744 PKG_MAINTAINER:=Alexandru Ardelean PKG_LICENSE:=MIT diff --git a/lang/python/python-flask-httpauth/test.sh b/lang/python/python-flask-httpauth/test.sh new file mode 100755 index 000000000..b9f15b7a6 --- /dev/null +++ b/lang/python/python-flask-httpauth/test.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +[ "$1" = python3-flask-httpauth ] || exit 0 + +python3 - << 'EOF' +from flask import Flask +from flask_httpauth import HTTPBasicAuth + +app = Flask(__name__) +auth = HTTPBasicAuth() + +users = {"alice": "secret"} + +@auth.verify_password +def verify_password(username, password): + return users.get(username) == password + +@app.route("/protected") +@auth.login_required +def protected(): + return f"Hello, {auth.current_user()}!" + +with app.test_client() as client: + # No auth -> 401 + resp = client.get("/protected") + assert resp.status_code == 401, f"Expected 401, got {resp.status_code}" + + # Wrong password -> 401 + import base64 + bad = base64.b64encode(b"alice:wrong").decode() + resp = client.get("/protected", headers={"Authorization": f"Basic {bad}"}) + assert resp.status_code == 401, f"Expected 401, got {resp.status_code}" + + # Correct credentials -> 200 + good = base64.b64encode(b"alice:secret").decode() + resp = client.get("/protected", headers={"Authorization": f"Basic {good}"}) + assert resp.status_code == 200, f"Expected 200, got {resp.status_code}" + assert b"Hello, alice" in resp.data +EOF