Changed password hashing scheme to bcrypt, added dependency for setup
marcink -
r415:04e8b31f default
@@ -30,7 +30,7 b' from pylons_app.model import meta'
30 30 from pylons_app.model.db import User, RepoToPerm, Repository, Permission
31 31 from sqlalchemy.exc import OperationalError
32 32 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound
33 import hashlib
33 import bcrypt
34 34 from decorator import decorator
35 35 import logging
36 36
@@ -39,9 +39,11 b' log = logging.getLogger(__name__)'
39 39 def get_crypt_password(password):
40 40 """Cryptographic function used for password hashing based on sha1
41 41 @param password: password to hash
42 """
43 hashed = hashlib.sha1(password).hexdigest()
44 return hashed[3:] + hashed[:3]
42 """
43 return bcrypt.hashpw(password, bcrypt.gensalt(10))
44
45 def check_password(password, hashed):
46 return bcrypt.hashpw(password, hashed) == hashed
45 47
46 48 @cache_region('super_short_term', 'cached_user')
47 49 def get_user_cached(username):
@@ -53,7 +55,6 b' def get_user_cached(username):'
53 55 return user
54 56
55 57 def authfunc(environ, username, password):
56 password_crypt = get_crypt_password(password)
57 58 try:
58 59 user = get_user_cached(username)
59 60 except (NoResultFound, MultipleResultsFound, OperationalError) as e:
@@ -62,7 +63,7 b' def authfunc(environ, username, password'
62 63
63 64 if user:
64 65 if user.active:
65 if user.username == username and user.password == password_crypt:
66 if user.username == username and check_password(password, user.password):
66 67 log.info('user %s authenticated correctly', username)
67 68 return True
68 69 else:
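Review bot: `check_password` on new lines 46–47 assumes every stored `user.password` is already a bcrypt string, but the commit changes the scheme without migrating existing rows, so accounts created before it still hold the old rotated sha1 hex digest; as far as I recall py-bcrypt's `hashpw` raises `ValueError` on a salt it cannot parse, and neither `check_password` nor `authfunc` (whose `try` covers only `get_user_cached`) catches it, so those users would hit an exception instead of a failed login. Fail closed and make the contract explicit: `try: return bcrypt.hashpw(password, hashed) == hashed` / `except ValueError: return False`, with a comment such as `# stored value is not a bcrypt hash (e.g. legacy sha1): reject, force a reset rather than crash`. The plain `==` on the two hash strings is not a constant-time compare; where `hmac.compare_digest` is available prefer it, otherwise record the residual timing channel in a comment. The `get_crypt_password` docstring still says "based on sha1" and should now read `"""Hash password with bcrypt (work factor 10); returns the salted hash string to store."""`. `authfunc` continues past the end of the hunk.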
@@ -24,7 +24,7 b' from formencode.validators import Unicod'
24 24 Email, Bool, StringBoolean
25 25 from pylons import session
26 26 from pylons.i18n.translation import _
27 from pylons_app.lib.auth import get_crypt_password
27 from pylons_app.lib.auth import check_password
28 28 from pylons_app.model import meta
29 29 from pylons_app.model.db import User, Repository
30 30 from sqlalchemy.exc import OperationalError
@@ -94,7 +94,7 b' class ValidAuth(formencode.validators.Fa'
94 94
95 95 def validate_python(self, value, state):
96 96 sa = meta.Session
97 crypted_passwd = get_crypt_password(value['password'])
97 password = value['password']
98 98 username = value['username']
99 99 try:
100 100 user = sa.query(User).filter(User.username == username).one()
@@ -106,7 +106,7 b' class ValidAuth(formencode.validators.Fa'
106 106 error_dict=self.e_dict)
107 107 if user:
108 108 if user.active:
109 if user.username == username and user.password == crypted_passwd:
109 if user.username == username and check_password(password, user.password):
110 110 from pylons_app.lib.auth import AuthUser
111 111 auth_user = AuthUser()
112 112 auth_user.username = username
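Review bot: With bcrypt at work factor 10, the `check_password` call on new line 109 of `ValidAuth.validate_python` costs tens of milliseconds, while the user-not-found and inactive branches return immediately, so the login form now reveals whether a username exists (and is active) through response time much more clearly than the old sha1 compare did. Consider running one bcrypt verification against a fixed dummy hash on those branches so every login attempt pays the same cost, e.g. `check_password(password, _DUMMY_BCRYPT_HASH)` where `_DUMMY_BCRYPT_HASH` is a module-level constant generated once. Note also that the `try` on line 99 covers only the query; if `check_password` raises on a stored value that is not a bcrypt string (legacy sha1 rows), the user sees a server error instead of this validator's `Invalid`, so either catch that here or make `check_password` return `False`. `validate_python` starts at line 95 and continues past the hunk.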
@@ -24,6 +24,7 b' setup('
24 24 "mercurial>=1.6",
25 25 "pysqlite",
26 26 "whoosh>=1.0.0b5",
27 "py-bcrypt",
27 28 ],
28 29 setup_requires=["PasteScript>=1.6.3"],
29 30 packages=find_packages(exclude=['ez_setup']),
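Review bot: `"py-bcrypt"` on new line 27 is added to `install_requires` with no version constraint, even though the password scheme now depends on that package's `hashpw`/`gensalt` behaviour; pin at least a lower bound like the neighbouring `"mercurial>=1.6"` and `"whoosh>=1.0.0b5"`, e.g. `"py-bcrypt>=0.2"` if that is the release this was tested against. A floor also records which version introduced the API the auth code relies on, which matters once hashes are in the database. The `setup()` call starts and ends outside the hunk.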