From f957883cc5046235d267359a2465f793b2017092 Mon Sep 17 00:00:00 2001 From: Victoria Martinez de la Cruz Date: Tue, 10 Dec 2024 13:28:36 +0100 Subject: [PATCH] Remove htpasswd_sha1 filter definition (#647) htpasswd_sha1 is not used anywhere else in STO, but we still carry over the filter definition. Since SHA1 is deprecated, it raises warnings on our static code analysis tools. --- .../servicetelemetry/filter_plugins/htpass.py | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100755 roles/servicetelemetry/filter_plugins/htpass.py diff --git a/roles/servicetelemetry/filter_plugins/htpass.py b/roles/servicetelemetry/filter_plugins/htpass.py deleted file mode 100755 index f115c1328..000000000 --- a/roles/servicetelemetry/filter_plugins/htpass.py +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env python3 -from hashlib import sha1 -from base64 import b64decode, b64encode - -class FilterModule(object): - def filters(self): - return { - 'htpasswd_sha1': self.htpasswd_sha1 - } - - def htpasswd_sha1(self, password): - """Convert from plaintext to htpasswd compatible SHA1 - This filter will return a SHA1 password hash for use in htpasswd files. - SHA1 is (highly) deprecated, but required by oauth_proxy until OCP 4.8 https://bugzilla.redhat.com/show_bug.cgi?id=1874322 - Jinja sha1 filter only outputs in hexdigest mode, but we require a base64 of the binary sha1 hash - >>> htpasswd_sha1('password') - '{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=' - """ - return "{SHA}" + b64encode(sha1(password.encode()).digest()).decode()