Mercurial > kallithea
changeset 750:73c99f45ef2a beta
fixed security issue when saving ldap user saved plaintext password
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Wed, 24 Nov 2010 03:38:48 +0100 |
parents | fcd4fb51526e |
children | ff881ec6a140 |
files | rhodecode/model/user.py |
diffstat | 1 files changed, 4 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/rhodecode/model/user.py Wed Nov 24 03:32:53 2010 +0100 +++ b/rhodecode/model/user.py Wed Nov 24 03:38:48 2010 +0100 @@ -28,6 +28,7 @@ from rhodecode.model.db import User from rhodecode.model.meta import Session from rhodecode.lib.exceptions import * + import logging import traceback @@ -49,7 +50,7 @@ def get_by_username(self, username, cache=False, case_insensitive=False): - + if case_insensitive: user = self.sa.query(User).filter(User.username.ilike(username)) else: @@ -80,12 +81,12 @@ :param username: :param password: """ - + from rhodecode.lib.auth import get_crypt_password if self.get_by_username(username) is None: try: new_user = User() new_user.username = username - new_user.password = password + new_user.password = get_crypt_password(password) new_user.email = '%s@ldap.server' % username new_user.active = True new_user.is_ldap = True