upstream/kallithea Commit - r415:04e8b31f

Changed password crypting scheme to bcrypt, added dependency for setup

marcink -

r415:04e8b31f default

parent child

pylons_app/lib/auth.py

0 +6 -5

             from pylons_app.model.db import User, RepoToPerm, Repository, Permission
             from sqlalchemy.exc import OperationalError
             from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound
-            import hashlib
+            import bcrypt
             from decorator import decorator
             import logging
                 """Cryptographic function used for password hashing based on sha1
                 @param password: password to hash
                 """
-                hashed = hashlib.sha1(password).hexdigest()
+                return bcrypt.hashpw(password, bcrypt.gensalt(10))
-                return hashed[3:] + hashed[:3]
+            def check_password(password, hashed):
+                return bcrypt.hashpw(password, hashed) == hashed
             @cache_region('super_short_term', 'cached_user')
             def get_user_cached(username):
                 return user
             def authfunc(environ, username, password):
-                password_crypt = get_crypt_password(password)
                 try:
                     user = get_user_cached(username)
                 except (NoResultFound, MultipleResultsFound, OperationalError) as e:
                 if user:
                     if user.active:
-                        if user.username == username and user.password == password_crypt:
+                        if user.username == username and check_password(password, user.password):
                             log.info('user %s authenticated correctly', username)
                             return True
                     else:

pylons_app/model/forms.py

0 +3 -3

                 Email, Bool, StringBoolean
             from pylons import session
             from pylons.i18n.translation import _
-            from pylons_app.lib.auth import get_crypt_password
+            from pylons_app.lib.auth import check_password
             from pylons_app.model import meta
             from pylons_app.model.db import User, Repository
             from sqlalchemy.exc import OperationalError
                 def validate_python(self, value, state):
                     sa = meta.Session
-                    crypted_passwd = get_crypt_password(value['password'])
+                    password = value['password']
                     username = value['username']
                     try:
                         user = sa.query(User).filter(User.username == username).one()
                                                  error_dict=self.e_dict)
                     if user:
                         if user.active:
-                            if user.username == username and user.password == crypted_passwd:
+                            if user.username == username and check_password(password, user.password):
                                 from pylons_app.lib.auth import AuthUser
                                 auth_user = AuthUser()
                                 auth_user.username = username

setup.py

0 +1 0

                     "mercurial>=1.6",
                     "pysqlite",
                     "whoosh>=1.0.0b5",
+                    "py-bcrypt",
                 ],
                 setup_requires=["PasteScript>=1.6.3"],
                 packages=find_packages(exclude=['ez_setup']),

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages