mirror of https://github.com/django/django.git
Fixed #3604 -- django.contrib.auth password checking now uses hashlib if it's available. Thanks, Rob Hudson
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6318 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
07447a0f56
commit
bcfaa73514
|
@ -15,25 +15,43 @@ try:
|
|||
except NameError:
|
||||
from sets import Set as set # Python 2.3 fallback
|
||||
|
||||
def get_hexdigest(algorithm, salt, raw_password):
|
||||
"""
|
||||
Returns a string of the hexdigest of the given plaintext password and salt
|
||||
using the given algorithm ('md5', 'sha1' or 'crypt').
|
||||
"""
|
||||
raw_password, salt = smart_str(raw_password), smart_str(salt)
|
||||
if algorithm == 'crypt':
|
||||
try:
|
||||
import crypt
|
||||
except ImportError:
|
||||
raise ValueError('"crypt" password algorithm not supported in this environment')
|
||||
return crypt.crypt(raw_password, salt)
|
||||
# The rest of the supported algorithms are supported by hashlib, but
|
||||
# hashlib is only available in Python 2.5.
|
||||
try:
|
||||
import hashlib
|
||||
except ImportError:
|
||||
if algorithm == 'md5':
|
||||
import md5
|
||||
return md5.new(salt + raw_password).hexdigest()
|
||||
elif algorithm == 'sha1':
|
||||
import sha
|
||||
return sha.new(salt + raw_password).hexdigest()
|
||||
else:
|
||||
if algorithm == 'md5':
|
||||
return hashlib.md5(salt + raw_password).hexdigest()
|
||||
elif algorithm == 'sha1':
|
||||
return hashlib.sha1(salt + raw_password).hexdigest()
|
||||
raise ValueError("Got unknown password algorithm type in password.")
|
||||
|
||||
def check_password(raw_password, enc_password):
|
||||
"""
|
||||
Returns a boolean of whether the raw_password was correct. Handles
|
||||
encryption formats behind the scenes.
|
||||
"""
|
||||
algo, salt, hsh = enc_password.split('$')
|
||||
if algo == 'md5':
|
||||
import md5
|
||||
return hsh == md5.new(smart_str(salt + raw_password)).hexdigest()
|
||||
elif algo == 'sha1':
|
||||
import sha
|
||||
return hsh == sha.new(smart_str(salt + raw_password)).hexdigest()
|
||||
elif algo == 'crypt':
|
||||
try:
|
||||
import crypt
|
||||
except ImportError:
|
||||
raise ValueError, "Crypt password algorithm not supported in this environment."
|
||||
return hsh == crypt.crypt(smart_str(raw_password), smart_str(salt))
|
||||
raise ValueError, "Got unknown password algorithm type in password."
|
||||
return hsh == get_hexdigest(algo, salt, raw_password)
|
||||
|
||||
class SiteProfileNotAvailable(Exception):
|
||||
pass
|
||||
|
@ -162,10 +180,10 @@ class User(models.Model):
|
|||
return full_name.strip()
|
||||
|
||||
def set_password(self, raw_password):
|
||||
import sha, random
|
||||
import random
|
||||
algo = 'sha1'
|
||||
salt = sha.new(str(random.random())).hexdigest()[:5]
|
||||
hsh = sha.new(salt + smart_str(raw_password)).hexdigest()
|
||||
salt = get_hexdigest(algo, str(random.random()), str(random.random()))[:5]
|
||||
hsh = get_hexdigest(algo, salt, raw_password)
|
||||
self.password = '%s$%s$%s' % (algo, salt, hsh)
|
||||
|
||||
def check_password(self, raw_password):
|
||||
|
@ -176,8 +194,7 @@ class User(models.Model):
|
|||
# Backwards-compatibility check. Older passwords won't include the
|
||||
# algorithm or salt.
|
||||
if '$' not in self.password:
|
||||
import md5
|
||||
is_correct = (self.password == md5.new(smart_str(raw_password)).hexdigest())
|
||||
is_correct = (self.password == get_hexdigest('md5', '', raw_password))
|
||||
if is_correct:
|
||||
# Convert the password to the new, more secure format.
|
||||
self.set_password(raw_password)
|
||||
|
|
Loading…
Reference in New Issue