changeset 412:b6a25169c005

Fixes #25: removed crypt-based password hashing and replaced it with SHA-1-based hashing.
author Marcin Kuzminski <marcin@python-works.com>
date Thu, 19 Aug 2010 21:38:08 +0200
parents 9b67cebe6609
children 0ebec9b88d13
files pylons_app/lib/auth.py
diffstat 1 files changed, 7 insertions(+), 6 deletions(-) [+]
--- a/pylons_app/lib/auth.py	Wed Aug 18 19:41:08 2010 +0200
+++ b/pylons_app/lib/auth.py	Thu Aug 19 21:38:08 2010 +0200
@@ -30,19 +30,18 @@
 from pylons_app.model.db import User, RepoToPerm, Repository, Permission
 from sqlalchemy.exc import OperationalError
 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound
-import crypt
+import hashlib
 from decorator import decorator
 import logging
 
 log = logging.getLogger(__name__) 
 
 def get_crypt_password(password):
-    """
-    Cryptographic function used for password hashing
+    """Cryptographic function used for password hashing based on sha1
     @param password: password to hash
     """
-    return crypt.crypt(password, '6a')
-
+    hashed = hashlib.sha1(password).hexdigest()
+    return hashed[3:] + hashed[:3]
 
 @cache_region('super_short_term', 'cached_user')
 def get_user_cached(username):
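Review bot: `get_crypt_password` now stores an unsalted, single-round SHA-1 digest, and the `hashed[3:] + hashed[:3]` rotation is a fixed permutation that adds no secrecy, so equal passwords produce equal stored values and a leaked table can be checked at full hash speed. A per-user random salt with an iterated KDF fits the same spot; the sketch below uses `hashlib.pbkdf2_hmac` (it needs a Python version that ships it, plus `os` and `binascii` imported) and keeps the one-argument call working. Callers that compare the result with the stored value are outside this hunk and would have to pass the stored salt and compare in constant time. Rows hashed with the old `crypt` scheme will presumably stop matching either way, so a reset or rehash-on-login path is needed. `hashlib.sha1(password)` also expects bytes, so a non-ASCII unicode password likely raises here unless it is encoded first.

```python
def get_crypt_password(password, salt=None):
    """Cryptographic function used for password hashing: salted PBKDF2
    @param password: password to hash
    @param salt: hex salt of the stored hash when verifying, None for a new one
    """
    if salt is None:
        salt = binascii.hexlify(os.urandom(16))
    # iteration count is a constructed example value; tune it for the deployment
    derived = hashlib.pbkdf2_hmac('sha256', password, salt, 100000)
    return salt + '$' + binascii.hexlify(derived)
```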
@@ -151,6 +150,8 @@
     
     else:
         user.permissions['global'].add('repository.create')
+        user.permissions['global'].add('hg.register')
+        
         for perm in default_perms:
             if perm.Repository.private and not perm.Repository.user_id == user.user_id:
                 #disable defaults for private repos,
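Review bot: The branch that gains `'hg.register'` also grants `'repository.create'`, and the last hunk of this commit moves the `fill_perms` call out of the `is_authenticated` check, so if this is the function called there, both permissions now land on anonymous sessions as well. If only registration is meant to be open, gate the other grant, e.g. `if user.is_authenticated: user.permissions['global'].add('repository.create')`. The enclosing function and the condition of this `else` are outside the hunk, so confirm which users actually reach it. The added whitespace-only line can be dropped.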
@@ -187,7 +188,7 @@
     user = session.get('hg_app_user', AuthUser())
     if user.is_authenticated:
         user = fill_data(user)
-        user = fill_perms(user)
+    user = fill_perms(user)
     session['hg_app_user'] = user
     session.save()
     return user
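Review bot: `fill_perms(user)` now runs on an `AuthUser()` that `fill_data` never populated, and the permission code in the second hunk reads `user.user_id`; nothing visible here shows that attribute has a safe default for an anonymous user. It is worth confirming that `AuthUser` initialises `user_id`, and a one-line comment above the call would record the intent, e.g. `# anonymous users also get default permissions`. The function's signature is outside the hunk.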