Exaile

  1. Bug #406231
  2. Comment #5

Comment 5 for bug 406231

Revision history for this message
Yakov Mindelis (jackitg) wrote : Re: [Bug 406231] Re: audioscrobbler won't login/submit problems

Hi Mathis,

On Wed, 29 Jul 2009, Mathias Brodala wrote:

> So your password is written as hash in the settings.ini after this?

Yes, after tryng your suggestion, it changed, I think it happened during
yesterday's investigations as well, but I reset it to text again.

> Can you please try the following:
>
> 1. Fire up a terminal and go to the directory of the audioscrobbler
> plugin (where __init__.py and all the others are located)
>
> 2. Launch the python interactive console
>
> 3. Import _scrobbler
>
> 4. Try _scrobbler.login($username, $password_hash, hashpw=False,
> post_url='http://post.audioscrobbler.com/')
>
> 5. Try _scrobbler.login($username, $password, hashpw=True,
> post_url='http://post.audioscrobbler.com/')
>
> Both 4. and 5. should yield no exceptions.
>

Ok, and added one more, text passwor with Fale hashpw:

[vincent:~/exaile/plugins/audioscrobbler] jack% ipython2.5
Python 2.5.4 (r254:67916, Jul 6 2009, 09:34:22)
Type "copyright", "credits" or "license" for more information.

IPython 0.9.1 -- An enhanced Interactive Python.
? -> Introduction and overview of IPython's features.
%quickref -> Quick reference.
help -> Python's own help system.
object? -> Details about 'object'. ?object also works, ?? prints more.

In [1]: import _scrobbler

In [2]: pw5=...

In [3]: pw=...

In [4]: _scrobbler.login("jitg", pw, hashpw=False,
post_url='http://post.audioscrobbler.com/')

In [5]: _scrobbler.login("jitg", pw, hashpw=True,
post_url='http://post.audioscrobbler.com/')

In [6]: _scrobbler.login("jitg", pw5, hashpw=False,
post_url='http://post.audioscrobbler.com/')

As you see, non-hash pw + hashpw=False doesn't rase a thing, and it
should, the reply contains nothing hence no cookie for the session
(SESSION_ID)

Jack

>
> Regards, Mathias
>
> - --
> debian/rules
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkpwGXEACgkQYfUFJ3ewsJhY8QCeN2a7hLueLZvcmQXPVDiNzufL
> 6xQAn3RGBpQMcL/GDTGSEyBCeH0EkaQK
> =LxBQ
> -----END PGP SIGNATURE-----
>
> --
> audioscrobbler won't login/submit problems
> https://bugs.launchpad.net/bugs/406231
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in Exaile: Invalid
>
> Bug description:
> Audioscroblet plugin doesn't login properly, here's the output.
>
>
> INFO : AS: attempting to connect to audioscrobbler
> INFO : Loading collection...
> INFO : AS: Connected to audioscrobbler
> INFO : Loading devices...
> WARNING : Failed to connect to HAL, autodetection of devices will be disabled.
> INFO : Loading interface...
> INFO : Playing file:///Users/jack/mp3/Bad_Plus%2C_The/2003-These_Are_The_Vistas/01-Big_Eater.mp3
> INFO : Attempting to submit now playing information...
> Exception in thread Thread-8:
> Traceback (most recent call last):
> File "/opt/local/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/threading.py", line 486, in __bootstrap_inner
> self.run()
> File "/opt/local/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/threading.py", line 446, in run
> self.__target(*self.__args, **self.__kwargs)
> File "/Users/jack/exaile_bazaar/exaile/data/plugins/audioscrobbler/__init__.py", line 110, in now_playing
> track.get_duration(), track.get_track())
> File "/Users/jack/exaile_bazaar/exaile/data/plugins/audioscrobbler/_scrobbler.py", line 152, in now_playing
> raise AuthError("Please 'login()' first. (No session available)")
> AuthError: Please 'login()' first. (No session available)
>
>
> Problem is: if non-md5 password is used in login() with hashpw=False, first call in initialize() routine for some reason doesn't raise the exceptions and the next call (wh haspw=True) isn't triggered.
> When setting both calls of login to use hashpw=True, the iniitial login succeeds and proper cookie value is obtained,
>
> Reworked initialize():
>
> def initialize(self, username, password, server):
> logger.info("AS: attempting to connect to audioscrobbler")
> try:
> scrobbler.login(username, password, hashpw=True, post_url=server)
> except:
>
> try:
> scrobbler.login(username, password, hashpw=True, post_url=server)
> except:
> self.connecting = False
> common.log_exception()
> return
> logger.info("AS: Connected to audioscrobbler")
>
> event.add_callback(self.on_play, 'playback_track_start')
> event.add_callback(self.on_stop, 'playback_track_end')
> self.connected = True
> self.connecting = False
>
> @common.threaded
>
> Anyway, reviewing the _scrobbler.py and __init.py login procedures raised some questions:
>
> 1. Lastfm expects md5-hashed passwords.
>
> 2. settings.ini should always have md5-hashed pw stored, or and indication if the password is md5 or no.
> Actually, during my investigation, if my memory doesn't betray me, at some point it did store md5 password iside the ini file.
>
>
> I think the ideal behaviour should be one of these:
>
> 1. store md5 digest of pw in the file and use login(hashpw=False)
>
> 2. store plain text pw and use login(hashpw=True)
>
> 3. store either pw with propper marker of it md5-ness and use login(hashpw=(not md5-ness of the pw))
>
> Off course security-wise non-md5 pw in setting.ini file isn't good.
>
>
>
> System used: OSX10.4.11
> python 2.5.4
>
>