summaryrefslogtreecommitdiff
path: root/django
diff options
context:
space:
mode:
authorAdrian Holovaty <adrian@holovaty.com>2005-11-21 03:33:22 +0000
committerAdrian Holovaty <adrian@holovaty.com>2005-11-21 03:33:22 +0000
commita49fa746cdc056f0b660f47fbc55aa43fcd54bcc (patch)
tree06570228609c2f52a40fce2a58be4a39a7f774a5 /django
parentf1a8869339a4d6d004028c1234aaf706e420b5dd (diff)
Fixed #273 -- BACKWARDS-INCOMPATIBLE CHANGE -- Changed auth.User.password field to add support for other password encryption algorithms. Renamed password_md5 to password and changed field length from 32 to 128. See http://code.djangoproject.com/wiki/BackwardsIncompatibleChanges for upgrade information
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1327 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'django')
-rw-r--r--django/models/auth.py41
1 files changed, 31 insertions, 10 deletions
diff --git a/django/models/auth.py b/django/models/auth.py
index d0c13f66ce..21b4c2f146 100644
--- a/django/models/auth.py
+++ b/django/models/auth.py
@@ -34,7 +34,7 @@ class User(meta.Model):
first_name = meta.CharField(_('first name'), maxlength=30, blank=True)
last_name = meta.CharField(_('last name'), maxlength=30, blank=True)
email = meta.EmailField(_('e-mail address'), blank=True)
- password_md5 = meta.CharField(_('password'), maxlength=32, help_text=_("Use an MD5 hash -- not the raw password."))
+ password = meta.CharField(_('password'), maxlength=128, help_text=_("Use '[algo]$[salt]$[hexdigest]"))
is_staff = meta.BooleanField(_('staff status'), help_text=_("Designates whether the user can log into this admin site."))
is_active = meta.BooleanField(_('active'), default=True)
is_superuser = meta.BooleanField(_('superuser status'))
@@ -53,7 +53,7 @@ class User(meta.Model):
exceptions = ('SiteProfileNotAvailable',)
admin = meta.Admin(
fields = (
- (None, {'fields': ('username', 'password_md5')}),
+ (None, {'fields': ('username', 'password')}),
(_('Personal info'), {'fields': ('first_name', 'last_name', 'email')}),
(_('Permissions'), {'fields': ('is_staff', 'is_active', 'is_superuser', 'user_permissions')}),
(_('Important dates'), {'fields': ('last_login', 'date_joined')}),
@@ -78,13 +78,35 @@ class User(meta.Model):
return full_name.strip()
def set_password(self, raw_password):
- import md5
- self.password_md5 = md5.new(raw_password).hexdigest()
+ import sha, random
+ algo = 'sha1'
+ salt = sha.new(str(random.random())).hexdigest()[:5]
+ hsh = sha.new(salt+raw_password).hexdigest()
+ self.password = '%s$%s$%s' % (algo, salt, hsh)
def check_password(self, raw_password):
- "Returns a boolean of whether the raw_password was correct."
- import md5
- return self.password_md5 == md5.new(raw_password).hexdigest()
+ """
+ Returns a boolean of whether the raw_password was correct. Handles
+ encryption formats behind the scenes.
+ """
+ # Backwards-compatibility check. Older passwords won't include the
+ # algorithm or salt.
+ if '$' not in self.password:
+ import md5
+ is_correct = (self.password == md5.new(raw_password).hexdigest())
+ if is_correct:
+ # Convert the password to the new, more secure format.
+ self.set_password(raw_password)
+ self.save()
+ return is_correct
+ algo, salt, hsh = self.password.split('$')
+ if algo == 'md5':
+ import md5
+ return hsh == md5.new(salt+raw_password).hexdigest()
+ elif algo == 'sha1':
+ import sha
+ return hsh == sha.new(salt+raw_password).hexdigest()
+ raise ValueError, "Got unknown password algorithm type in password."
def get_group_permissions(self):
"Returns a list of permission strings that this user has through his/her groups."
@@ -176,10 +198,9 @@ class User(meta.Model):
def _module_create_user(username, email, password):
"Creates and saves a User with the given username, e-mail and password."
- import md5
- password_md5 = md5.new(password).hexdigest()
now = datetime.datetime.now()
- user = User(None, username, '', '', email.strip().lower(), password_md5, False, True, False, now, now)
+ user = User(None, username, '', '', email.strip().lower(), 'placeholder', False, True, False, now, now)
+ user.set_password(password)
user.save()
return user