fixed security issue when saving ldap user saved plaintext password
marcink -
r750:73c99f45 beta
@@ -28,6 +28,7 b' from rhodecode.model.caching_query impor'
28 28 from rhodecode.model.db import User
29 29 from rhodecode.model.meta import Session
30 30 from rhodecode.lib.exceptions import *
31
31 32 import logging
32 33 import traceback
33 34
@@ -49,7 +50,7 b' class UserModel(object):'
49 50
50 51
51 52 def get_by_username(self, username, cache=False, case_insensitive=False):
52
53
53 54 if case_insensitive:
54 55 user = self.sa.query(User).filter(User.username.ilike(username))
55 56 else:
@@ -80,12 +81,12 b' class UserModel(object):'
80 81 :param username:
81 82 :param password:
82 83 """
83
84 from rhodecode.lib.auth import get_crypt_password
84 85 if self.get_by_username(username) is None:
85 86 try:
86 87 new_user = User()
87 88 new_user.username = username
88 new_user.password = password
89 new_user.password = get_crypt_password(password)
89 90 new_user.email = '%s@ldap.server' % username
90 91 new_user.active = True
91 92 new_user.is_ldap = True
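Review bot: Rows already written by the old `new_user.password = password` line still hold the LDAP password in clear text, because the new `new_user.password = get_crypt_password(password)` assignment only affects accounts created from now on and nothing in this section rewrites existing rows. A one-off migration that rehashes or blanks the password column for users with `is_ldap` set would close that gap, and since those values were readable in the database and any backups of it, the affected directory passwords are best treated as exposed. It is also worth confirming whether an LDAP-backed account needs a local copy of the credential at all: if the login path (not visible here) can fall back to the local hash, a password changed or revoked in the directory would stay valid locally. I would add a comment above the assignment such as `# store only a hash of the LDAP password, never the value the user typed`. The enclosing method begins before this hunk and continues past it, so its commit and rollback handling was not reviewed.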