Warn against Falsy credentials #8683
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
🪼 branch checks and previews
Install Gradio from this PR pip install https://gradio-builds.s3.amazonaws.com/1c662c46cbc57c150e1ea262b24f537d7b473212/gradio-4.37.2-py3-none-any.whlInstall Gradio Python Client from this PR pip install "gradio-client @ git+https://github.com/gradio-app/gradio@1c662c46cbc57c150e1ea262b24f537d7b473212#subdirectory=client/python"Install Gradio JS Client from this PR npm install https://gradio-builds.s3.amazonaws.com/1c662c46cbc57c150e1ea262b24f537d7b473212/gradio-client-1.2.1.tgz |
|
Thanks @Paillat-dev I would suggest raising a warning when a none or empty credential is passed in instead of an error -- a lot of times, users are simply prototyping quickly with auth and we don't want to break those workflows |
Allowing Falsy auth credentials will cause problems later, for example in `hmac.compare_digest(input_password.encode(), correct_password.encode())` as NoneType has no `encode` method. Moreover, allowing empty passwords would make no sense from a security point of view.
|
Sure, I changed it. |
Paillat-dev
changed the title
abidlabs
changed the title
abidlabs
approved these changes
Jul 2, 2024
🦄 change detectedThis Pull Request includes changes to the following packages.
With the following changelog entry.
Maintainers or the PR author can modify the PR title to modify this entry.
|
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Allowing Falsy auth credentials will cause problems later, for example in
hmac.compare_digest(input_password.encode(), correct_password.encode())as NoneType has noencodemethod. Moreover, allowing empty passwords would make no sense from a security point of view.Let me know if any changes are required.