diff --git a/roundup/password.py b/roundup/password.py
index 9ae02c6c6492f49f95fae13c995934fcf679561f..8400f67a1bfc59c7a980aa6d6ff6a89a32153b9d 100644 (file)
--- a/roundup/password.py
+++ b/roundup/password.py
# BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
# SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
#
-# $Id: password.py,v 1.3 2001-10-20 11:58:48 richard Exp $
+# $Id: password.py,v 1.8 2002-12-18 23:57:09 richard Exp $
-import sha, re
+__doc__ = """
+Password handling (encoding, decoding).
+"""
-def encodePassword(plaintext, scheme):
+import sha, re, string
+try:
+ import crypt
+except:
+ crypt = None
+ pass
+
+def encodePassword(plaintext, scheme, other=None):
'''Encrypt the plaintext password.
'''
+ if plaintext is None:
+ plaintext = ""
if scheme == 'SHA':
s = sha.sha(plaintext).hexdigest()
+ elif scheme == 'crypt' and crypt is not None:
+ if other is not None:
+ salt = other[:2]
+ else:
+ saltchars = './0123456789'+string.letters
+ salt = random.choice(saltchars) + random.choice(saltchars)
+ s = crypt.crypt(plaintext, salt)
elif scheme == 'plaintext':
- pass
+ s = plaintext
else:
raise ValueError, 'Unknown encryption scheme "%s"'%scheme
return s
default_scheme = 'SHA' # new encryptions use this scheme
pwre = re.compile(r'{(\w+)}(.+)')
- def __init__(self, plaintext=None):
+ def __init__(self, plaintext=None, scheme=None):
'''Call setPassword if plaintext is not None.'''
+ if scheme is None:
+ scheme = self.default_scheme
if plaintext is not None:
self.password = encodePassword(plaintext, self.default_scheme)
self.scheme = self.default_scheme
self.password = encodePassword(encrypted, self.default_scheme)
self.scheme = self.default_scheme
- def setPassword(self, plaintext):
+ def setPassword(self, plaintext, scheme=None):
'''Sets encrypts plaintext.'''
- self.password = encodePassword(plaintext, self.scheme)
+ if scheme is None:
+ scheme = self.default_scheme
+ self.password = encodePassword(plaintext, scheme)
def __cmp__(self, other):
'''Compare this password against another password.'''
# check to see if we're comparing instances
if isinstance(other, Password):
if self.scheme != other.scheme:
- return
+ return cmp(self.scheme, other.scheme)
return cmp(self.password, other.password)
# assume password is plaintext
if self.password is None:
raise ValueError, 'Password not set'
- return cmp(self.password, encodePassword(other, self.scheme))
+ return cmp(self.password, encodePassword(other, self.scheme,
+ self.password))
def __str__(self):
'''Stringify the encrypted password for database storage.'''
return '{%s}%s'%(self.scheme, self.password)
def test():
+ # SHA
p = Password('sekrit')
assert p == 'sekrit'
assert p != 'not sekrit'
assert 'sekrit' == p
assert 'not sekrit' != p
+ # crypt
+ p = Password('sekrit', 'crypt')
+ assert p == 'sekrit'
+ assert p != 'not sekrit'
+ assert 'sekrit' == p
+ assert 'not sekrit' != p
+
if __name__ == '__main__':
test()
-#
-# $Log: not supported by cvs2svn $
-# Revision 1.2 2001/10/09 23:58:10 richard
-# Moved the data stringification up into the hyperdb.Class class' get, set
-# and create methods. This means that the data is also stringified for the
-# journal call, and removes duplication of code from the backends. The
-# backend code now only sees strings.
-#
-# Revision 1.1 2001/10/09 07:25:59 richard
-# Added the Password property type. See "pydoc roundup.password" for
-# implementation details. Have updated some of the documentation too.
-#
-#
-#
# vim: set filetype=python ts=4 sw=4 et si