lowercase all hashes

author: Blake DeMarcy <ofunknowndescent@gmail.com> 2017-04-27 19:31:19 -0500
committer: Blake DeMarcy <ofunknowndescent@gmail.com> 2017-04-27 19:31:19 -0500
commit: ef4e07054a743977aab8cecc35366b959938c751 (patch)
tree: da23936c08bcd5a217028fa4d77ab1374fc95a43 /server.py
parent: 634a868030b6fc6512d7238b330e1ae265ee1c9d (diff)
download: bbj-ef4e07054a743977aab8cecc35366b959938c751.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/server.py b/server.py
index 842a9b3..ea341d6 100644
--- a/server.py
+++ b/server.py
@@ -59,7 +59,7 @@ def api_method(function):
                 if not user:
                     raise BBJUserError("User %s is not registered" % username)
 
-                elif auth != user["auth_hash"]:
+                elif auth.lower() != user["auth_hash"].lower():
                     raise BBJException(5, "Invalid authorization key for user.")
 
             # api_methods may choose to bind a usermap into the thread_data
@@ -233,7 +233,7 @@ class API(object):
         """
         validate(args, ["target_user", "target_hash"])
         user = db.user_resolve(database, args["target_user"], return_false=False)
-        return args["target_hash"] == user["auth_hash"]
+        return args["target_hash"].lower() == user["auth_hash"].lower()
 
 
     @api_method
author	Blake DeMarcy <ofunknowndescent@gmail.com>	2017-04-27 19:31:19 -0500
committer	Blake DeMarcy <ofunknowndescent@gmail.com>	2017-04-27 19:31:19 -0500
commit	ef4e07054a743977aab8cecc35366b959938c751 (patch)
tree	da23936c08bcd5a217028fa4d77ab1374fc95a43 /server.py
parent	634a868030b6fc6512d7238b330e1ae265ee1c9d (diff)
download	bbj-ef4e07054a743977aab8cecc35366b959938c751.tar.gz