Skip to content

Commit

Permalink
Use different default algorithms for different werkzeug versions (#46384
Browse files Browse the repository at this point in the history 
)

Older werkzeug uses different algorithms for different versions - we
should match the default algorithm for those versions.
  • Loading branch information
@potiuk
potiuk authored Feb 3, 2025
1 parent 56fdc20 commit dafd166
Showing 1 changed file with 18 additions and 6 deletions.
24 changes: 18 additions & 6 deletions providers/fab/src/airflow/providers/fab/auth_manager/security_manager/override.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -839,12 +839,24 @@ def _init_config(self):
app.config.setdefault("AUTH_ROLES_MAPPING", {})
app.config.setdefault("AUTH_ROLES_SYNC_AT_LOGIN", False)
app.config.setdefault("AUTH_API_LOGIN_ALLOW_MULTIPLE_PROVIDERS", False)
app.config.setdefault(
"AUTH_DB_FAKE_PASSWORD_HASH_CHECK",
"scrypt:32768:8:1$wiDa0ruWlIPhp9LM$6e409d093e62ad54df2af895d0e125b05ff6cf6414"
"8350189ffc4bcc71286edf1b8ad94a442c00f890224bf2b32153d0750c89ee9"
"401e62f9dcee5399065e4e5",
)

from packaging.version import Version
from werkzeug import __version__ as werkzeug_version

parsed_werkzeug_version = Version(werkzeug_version)
if parsed_werkzeug_version < Version("3.0.0"):
app.config.setdefault(
"AUTH_DB_FAKE_PASSWORD_HASH_CHECK",
"pbkdf2:sha256:150000$Z3t6fmj2$22da622d94a1f8118"
"c0976a03d2f18f680bfff877c9a965db9eedc51bc0be87c",
)
else:
app.config.setdefault(
"AUTH_DB_FAKE_PASSWORD_HASH_CHECK",
"scrypt:32768:8:1$wiDa0ruWlIPhp9LM$6e409d093e62ad54df2af895d0e125b05ff6cf6414"
"8350189ffc4bcc71286edf1b8ad94a442c00f890224bf2b32153d0750c89ee9"
"401e62f9dcee5399065e4e5",
)

# LDAP Config
if self.auth_type == AUTH_LDAP:
Expand Down

0 comments on commit dafd166

Please sign in to comment.