changeset 750:73c99f45ef2a beta

fixed security issue: creating an ldap user saved the password in plaintext
author Marcin Kuzminski <marcin@python-works.com>
date Wed, 24 Nov 2010 03:38:48 +0100
parents fcd4fb51526e
children ff881ec6a140
files rhodecode/model/user.py
diffstat 1 files changed, 4 insertions(+), 3 deletions(-) [+]
--- a/rhodecode/model/user.py	Wed Nov 24 03:32:53 2010 +0100
+++ b/rhodecode/model/user.py	Wed Nov 24 03:38:48 2010 +0100
@@ -28,6 +28,7 @@
 from rhodecode.model.db import User
 from rhodecode.model.meta import Session
 from rhodecode.lib.exceptions import *
+
 import logging
 import traceback
 
@@ -49,7 +50,7 @@
 
 
     def get_by_username(self, username, cache=False, case_insensitive=False):
-        
+
         if case_insensitive:
             user = self.sa.query(User).filter(User.username.ilike(username))
         else:
@@ -80,12 +81,12 @@
         :param username:
         :param password:
         """
-
+        from rhodecode.lib.auth import get_crypt_password
         if self.get_by_username(username) is None:
             try:
                 new_user = User()
                 new_user.username = username
-                new_user.password = password
+                new_user.password = get_crypt_password(password)
                 new_user.email = '%s@ldap.server' % username
                 new_user.active = True
                 new_user.is_ldap = True
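Review bot: Accounts created by the earlier code still hold the cleartext LDAP password in `User.password`; only rows written after this change get `get_crypt_password(password)`, and the diffstat lists no migration alongside it. A one-off upgrade step that re-hashes or clears the column for rows with `is_ldap` set would close that gap, and because those values were directory credentials, the affected users should rotate them. If LDAP accounts are always verified against the directory (not visible here), the local hash is an unneeded copy that goes stale when the directory password changes, so it is worth confirming that it is never accepted as a fallback. I would also add a comment such as `# imported here to avoid a circular import` above the function-scope import, if that is the reason for it. The function starts before this hunk and continues past it.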