1 files changed, 7 insertions, 25 deletions

diff --git a/netlib/http_auth.py b/netlib/http_auth.py
index b0451e3b..49f5925f 100644
--- a/netlib/http_auth.py
+++ b/netlib/http_auth.py
@@ -1,6 +1,7 @@
-from .contrib import md5crypt
-import http
+from __future__ import (absolute_import, print_function, division)
+from passlib.apache import HtpasswdFile
 from argparse import Action, ArgumentTypeError
+from . import http
 
 
 class NullProxyAuth():
@@ -78,32 +79,14 @@ class PassManHtpasswd:
     """
         Read usernames and passwords from an htpasswd file
     """
-    def __init__(self, fp):
+    def __init__(self, path):
         """
             Raises ValueError if htpasswd file is invalid.
         """
-        self.usernames = {}
-        for l in fp:
-            l = l.strip().split(':')
-            if len(l) != 2:
-                raise ValueError("Invalid htpasswd file.")
-            parts = l[1].split('$')
-            if len(parts) != 4:
-                raise ValueError("Invalid htpasswd file.")
-            self.usernames[l[0]] = dict(
-                token = l[1],
-                dummy = parts[0],
-                magic = parts[1],
-                salt = parts[2],
-                hashed_password = parts[3]
-            )
+        self.htpasswd = HtpasswdFile(path)
 
     def test(self, username, password_token):
-        ui = self.usernames.get(username)
-        if not ui:
-            return False
-        expected = md5crypt.md5crypt(password_token, ui["salt"], '$'+ui["magic"]+'$')
-        return expected==ui["token"]
+        return bool(self.htpasswd.check_password(username, password_token))
 
 
 class PassManSingleUser:
@@ -149,6 +132,5 @@ class NonanonymousAuthAction(AuthAction):
 
 class HtpasswdAuthAction(AuthAction):
     def getPasswordManager(self, s):
-        with open(s, "r") as f:
-            return PassManHtpasswd(f)
+        return PassManHtpasswd(s)