> So your password is written as hash in the settings.ini after this?
Yes, after tryng your suggestion, it changed, I think it happened during
yesterday's investigations as well, but I reset it to text again.
> Can you please try the following:
>
> 1. Fire up a terminal and go to the directory of the audioscrobbler
> plugin (where __init__.py and all the others are located)
>
> 2. Launch the python interactive console
>
> 3. Import _scrobbler
>
> 4. Try _scrobbler.login($username, $password_hash, hashpw=False,
> post_url='http://post.audioscrobbler.com/')
>
> 5. Try _scrobbler.login($username, $password, hashpw=True,
> post_url='http://post.audioscrobbler.com/')
>
> Both 4. and 5. should yield no exceptions.
>
Ok, and added one more, text passwor with Fale hashpw:
[vincent:~/exaile/plugins/audioscrobbler] jack% ipython2.5
Python 2.5.4 (r254:67916, Jul 6 2009, 09:34:22)
Type "copyright", "credits" or "license" for more information.
IPython 0.9.1 -- An enhanced Interactive Python.
? -> Introduction and overview of IPython's features.
%quickref -> Quick reference.
help -> Python's own help system.
object? -> Details about 'object'. ?object also works, ?? prints more.
As you see, non-hash pw + hashpw=False doesn't rase a thing, and it
should, the reply contains nothing hence no cookie for the session
(SESSION_ID)
Jack
>
> Regards, Mathias
>
> - --
> debian/rules
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkpwGXEACgkQYfUFJ3ewsJhY8QCeN2a7hLueLZvcmQXPVDiNzufL
> 6xQAn3RGBpQMcL/GDTGSEyBCeH0EkaQK
> =LxBQ
> -----END PGP SIGNATURE-----
>
> --
> audioscrobbler won't login/submit problems
> https://bugs.launchpad.net/bugs/406231
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in Exaile: Invalid
>
> Bug description:
> Audioscroblet plugin doesn't login properly, here's the output.
>
>
> INFO : AS: attempting to connect to audioscrobbler
> INFO : Loading collection...
> INFO : AS: Connected to audioscrobbler
> INFO : Loading devices...
> WARNING : Failed to connect to HAL, autodetection of devices will be disabled.
> INFO : Loading interface...
> INFO : Playing file:///Users/jack/mp3/Bad_Plus%2C_The/2003-These_Are_The_Vistas/01-Big_Eater.mp3
> INFO : Attempting to submit now playing information...
> Exception in thread Thread-8:
> Traceback (most recent call last):
> File "/opt/local/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/threading.py", line 486, in __bootstrap_inner
> self.run()
> File "/opt/local/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/threading.py", line 446, in run
> self.__target(*self.__args, **self.__kwargs)
> File "/Users/jack/exaile_bazaar/exaile/data/plugins/audioscrobbler/__init__.py", line 110, in now_playing
> track.get_duration(), track.get_track())
> File "/Users/jack/exaile_bazaar/exaile/data/plugins/audioscrobbler/_scrobbler.py", line 152, in now_playing
> raise AuthError("Please 'login()' first. (No session available)")
> AuthError: Please 'login()' first. (No session available)
>
>
> Problem is: if non-md5 password is used in login() with hashpw=False, first call in initialize() routine for some reason doesn't raise the exceptions and the next call (wh haspw=True) isn't triggered.
> When setting both calls of login to use hashpw=True, the iniitial login succeeds and proper cookie value is obtained,
>
> Reworked initialize():
>
> def initialize(self, username, password, server):
> logger.info("AS: attempting to connect to audioscrobbler")
> try:
> scrobbler.login(username, password, hashpw=True, post_url=server)
> except:
>
> try:
> scrobbler.login(username, password, hashpw=True, post_url=server)
> except:
> self.connecting = False
> common.log_exception()
> return
> logger.info("AS: Connected to audioscrobbler")
>
> event.add_callback(self.on_play, 'playback_track_start')
> event.add_callback(self.on_stop, 'playback_track_end')
> self.connected = True
> self.connecting = False
>
> @common.threaded
>
> Anyway, reviewing the _scrobbler.py and __init.py login procedures raised some questions:
>
> 1. Lastfm expects md5-hashed passwords.
>
> 2. settings.ini should always have md5-hashed pw stored, or and indication if the password is md5 or no.
> Actually, during my investigation, if my memory doesn't betray me, at some point it did store md5 password iside the ini file.
>
>
> I think the ideal behaviour should be one of these:
>
> 1. store md5 digest of pw in the file and use login(hashpw=False)
>
> 2. store plain text pw and use login(hashpw=True)
>
> 3. store either pw with propper marker of it md5-ness and use login(hashpw=(not md5-ness of the pw))
>
> Off course security-wise non-md5 pw in setting.ini file isn't good.
>
>
>
> System used: OSX10.4.11
> python 2.5.4
>
>
Hi Mathis,
On Wed, 29 Jul 2009, Mathias Brodala wrote:
> So your password is written as hash in the settings.ini after this?
Yes, after tryng your suggestion, it changed, I think it happened during
yesterday's investigations as well, but I reset it to text again.
> Can you please try the following: login($ username, $password_hash, hashpw=False, post.audioscrob bler.com/ ') login($ username, $password, hashpw=True, post.audioscrob bler.com/ ')
>
> 1. Fire up a terminal and go to the directory of the audioscrobbler
> plugin (where __init__.py and all the others are located)
>
> 2. Launch the python interactive console
>
> 3. Import _scrobbler
>
> 4. Try _scrobbler.
> post_url='http://
>
> 5. Try _scrobbler.
> post_url='http://
>
> Both 4. and 5. should yield no exceptions.
>
Ok, and added one more, text passwor with Fale hashpw:
[vincent: ~/exaile/ plugins/ audioscrobbler] jack% ipython2.5
Python 2.5.4 (r254:67916, Jul 6 2009, 09:34:22)
Type "copyright", "credits" or "license" for more information.
IPython 0.9.1 -- An enhanced Interactive Python.
? -> Introduction and overview of IPython's features.
%quickref -> Quick reference.
help -> Python's own help system.
object? -> Details about 'object'. ?object also works, ?? prints more.
In [1]: import _scrobbler
In [2]: pw5=...
In [3]: pw=...
In [4]: _scrobbler. login(" jitg", pw, hashpw=False, post.audioscrob bler.com/ ')
post_url='http://
In [5]: _scrobbler. login(" jitg", pw, hashpw=True, post.audioscrob bler.com/ ')
post_url='http://
In [6]: _scrobbler. login(" jitg", pw5, hashpw=False, post.audioscrob bler.com/ ')
post_url='http://
As you see, non-hash pw + hashpw=False doesn't rase a thing, and it
should, the reply contains nothing hence no cookie for the session
(SESSION_ID)
Jack
> enigmail. mozdev. org wGXEACgkQYfUFJ3 ewsJhY8QCeN2a7h LueLZvcmQXPVDiN zufL GDTGSEyBCeH0Eka QK /bugs.launchpad .net/bugs/ 406231 /Users/ jack/mp3/ Bad_Plus% 2C_The/ 2003-These_ Are_The_ Vistas/ 01-Big_ Eater.mp3 Library/ Frameworks/ Python. framework/ Versions/ 2.5/lib/ python2. 5/threading. py", line 486, in __bootstrap_inner Library/ Frameworks/ Python. framework/ Versions/ 2.5/lib/ python2. 5/threading. py", line 446, in run target( *self._ _args, **self.__kwargs) jack/exaile_ bazaar/ exaile/ data/plugins/ audioscrobbler/ __init_ _.py", line 110, in now_playing duration( ), track.get_track()) jack/exaile_ bazaar/ exaile/ data/plugins/ audioscrobbler/ _scrobbler. py", line 152, in now_playing login(username, password, hashpw=True, post_url=server) login(username, password, hashpw=True, post_url=server) log_exception( ) callback( self.on_ play, 'playback_ track_start' ) callback( self.on_ stop, 'playback_ track_end' )
> Regards, Mathias
>
> - --
> debian/rules
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://
>
> iEYEARECAAYFAkp
> 6xQAn3RGBpQMcL/
> =LxBQ
> -----END PGP SIGNATURE-----
>
> --
> audioscrobbler won't login/submit problems
> https:/
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in Exaile: Invalid
>
> Bug description:
> Audioscroblet plugin doesn't login properly, here's the output.
>
>
> INFO : AS: attempting to connect to audioscrobbler
> INFO : Loading collection...
> INFO : AS: Connected to audioscrobbler
> INFO : Loading devices...
> WARNING : Failed to connect to HAL, autodetection of devices will be disabled.
> INFO : Loading interface...
> INFO : Playing file://
> INFO : Attempting to submit now playing information...
> Exception in thread Thread-8:
> Traceback (most recent call last):
> File "/opt/local/
> self.run()
> File "/opt/local/
> self.__
> File "/Users/
> track.get_
> File "/Users/
> raise AuthError("Please 'login()' first. (No session available)")
> AuthError: Please 'login()' first. (No session available)
>
>
> Problem is: if non-md5 password is used in login() with hashpw=False, first call in initialize() routine for some reason doesn't raise the exceptions and the next call (wh haspw=True) isn't triggered.
> When setting both calls of login to use hashpw=True, the iniitial login succeeds and proper cookie value is obtained,
>
> Reworked initialize():
>
> def initialize(self, username, password, server):
> logger.info("AS: attempting to connect to audioscrobbler")
> try:
> scrobbler.
> except:
>
> try:
> scrobbler.
> except:
> self.connecting = False
> common.
> return
> logger.info("AS: Connected to audioscrobbler")
>
> event.add_
> event.add_
> self.connected = True
> self.connecting = False
>
> @common.threaded
>
> Anyway, reviewing the _scrobbler.py and __init.py login procedures raised some questions:
>
> 1. Lastfm expects md5-hashed passwords.
>
> 2. settings.ini should always have md5-hashed pw stored, or and indication if the password is md5 or no.
> Actually, during my investigation, if my memory doesn't betray me, at some point it did store md5 password iside the ini file.
>
>
> I think the ideal behaviour should be one of these:
>
> 1. store md5 digest of pw in the file and use login(hashpw=False)
>
> 2. store plain text pw and use login(hashpw=True)
>
> 3. store either pw with propper marker of it md5-ness and use login(hashpw=(not md5-ness of the pw))
>
> Off course security-wise non-md5 pw in setting.ini file isn't good.
>
>
>
> System used: OSX10.4.11
> python 2.5.4
>
>