changeset 415:04e8b31fb245

Changed password crypting scheme to bcrypt, added dependency for setup
author Marcin Kuzminski <marcin@python-works.com>
date Fri, 20 Aug 2010 10:59:18 +0200
parents 27f801e03489
children 25ab66a26975
files pylons_app/lib/auth.py pylons_app/model/forms.py setup.py
diffstat 3 files changed, 11 insertions(+), 9 deletions(-) [+]
--- a/pylons_app/lib/auth.py	Thu Aug 19 23:42:40 2010 +0200
+++ b/pylons_app/lib/auth.py	Fri Aug 20 10:59:18 2010 +0200
@@ -30,7 +30,7 @@
 from pylons_app.model.db import User, RepoToPerm, Repository, Permission
 from sqlalchemy.exc import OperationalError
 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound
-import hashlib
+import bcrypt
 from decorator import decorator
 import logging
 
@@ -39,9 +39,11 @@
 def get_crypt_password(password):
     """Cryptographic function used for password hashing based on sha1
     @param password: password to hash
-    """
-    hashed = hashlib.sha1(password).hexdigest()
-    return hashed[3:] + hashed[:3]
+    """    
+    return bcrypt.hashpw(password, bcrypt.gensalt(10))
+
+def check_password(password, hashed):
+    return bcrypt.hashpw(password, hashed) == hashed
 
 @cache_region('super_short_term', 'cached_user')
 def get_user_cached(username):
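Review bot: The docstring of `get_crypt_password` still says the hash is "based on sha1" after L30–L31 switched the body to bcrypt, and the new `check_password` on L33–L34 has no docstring at all; replace the first docstring line with `"""Hash a password with bcrypt (gensalt log_rounds=10) for storage."""` and give `check_password` one such as `"""Return True if `password` matches the stored bcrypt string `hashed`."""`. Separately, `bcrypt.hashpw(password, hashed) == hashed` is an ordinary string comparison that stops at the first differing byte; a constant-time comparison (`hmac.compare_digest` where the interpreter provides it, otherwise a small fixed-time loop) is the conventional way to compare password hashes, even though the bcrypt work factor dominates the timing here. The return value is now the full bcrypt salt+hash string rather than a 40-character hex digest, so the width of the column that stores `User.password` should be verified against it (not visible in this changeset).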
@@ -53,7 +55,6 @@
     return user
 
 def authfunc(environ, username, password):
-    password_crypt = get_crypt_password(password)
     try:
         user = get_user_cached(username)
     except (NoResultFound, MultipleResultsFound, OperationalError) as e:
@@ -62,7 +63,7 @@
         
     if user:
         if user.active:
-            if user.username == username and user.password == password_crypt:
+            if user.username == username and check_password(password, user.password):
                 log.info('user %s authenticated correctly', username)
                 return True
         else:
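Review bot: `check_password(password, user.password)` on L51 is also handed the stored values of pre-existing accounts, which the removed code (L28–L29) produced as rotated sha1 hex rather than bcrypt strings; `bcrypt.hashpw` given a salt that is not in bcrypt format does not return a non-matching value but raises (py-bcrypt reports an invalid salt as `ValueError`), so every existing user would hit an unhandled exception at login instead of a failed authentication, and the changeset carries no migration or rehash path. The same applies to the `check_password` call at L80 in `pylons_app/model/forms.py`. At minimum wrap the call in a `try`/`except ValueError` that treats the error as a failed match and logs it at warning level so operators can identify legacy accounts needing a password reset; a better fix detects the legacy format and rehashes with bcrypt on the first successful login. The enclosing `authfunc` starts and ends outside this hunk.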
--- a/pylons_app/model/forms.py	Thu Aug 19 23:42:40 2010 +0200
+++ b/pylons_app/model/forms.py	Fri Aug 20 10:59:18 2010 +0200
@@ -24,7 +24,7 @@
     Email, Bool, StringBoolean
 from pylons import session
 from pylons.i18n.translation import _
-from pylons_app.lib.auth import get_crypt_password
+from pylons_app.lib.auth import check_password
 from pylons_app.model import meta
 from pylons_app.model.db import User, Repository
 from sqlalchemy.exc import OperationalError
@@ -94,7 +94,7 @@
     
     def validate_python(self, value, state):
         sa = meta.Session
-        crypted_passwd = get_crypt_password(value['password'])
+        password = value['password']
         username = value['username']
         try:
             user = sa.query(User).filter(User.username == username).one()
@@ -106,7 +106,7 @@
                                      error_dict=self.e_dict)            
         if user:
             if user.active:
-                if user.username == username and user.password == crypted_passwd:
+                if user.username == username and check_password(password, user.password):
                     from pylons_app.lib.auth import AuthUser
                     auth_user = AuthUser()
                     auth_user.username = username
--- a/setup.py	Thu Aug 19 23:42:40 2010 +0200
+++ b/setup.py	Fri Aug 20 10:59:18 2010 +0200
@@ -24,6 +24,7 @@
         "mercurial>=1.6",
         "pysqlite",
         "whoosh>=1.0.0b5",
+        "py-bcrypt",
     ],
     setup_requires=["PasteScript>=1.6.3"],
     packages=find_packages(exclude=['ez_setup']),