From 226665abbc075767662d110ef87aaa7fc51f8297 Mon Sep 17 00:00:00 2001
From: schlatterbeck
Date: Thu, 14 Apr 2011 18:27:51 +0000
Subject: [PATCH] use idea from Eli Collins to use a list of deprecated password encoding schemes

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4594 57a73879-2fb5-44c3-a270-3262357dd7e2
---
 roundup/password.py | 5 +++--
 test/test_cgi.py | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/roundup/password.py b/roundup/password.py
index 92ada54..adb2cc4 100644
--- a/roundup/password.py
+++ b/roundup/password.py
@@ -240,7 +240,8 @@ class Password(JournalPassword):
 """
 #TODO: code to migrate from old password schemes.
- known_schemes = [ "PBKDF2", "SHA", "MD5", "crypt", "plaintext" ]
+ deprecated_schemes = ["SHA", "MD5", "crypt", "plaintext"]
+ known_schemes = ["PBKDF2"] + deprecated_schemes
 def __init__(self, plaintext=None, scheme=None, encrypted=None, strict=False):
 """Call setPassword if plaintext is not None."""
@@ -259,7 +260,7 @@ class Password(JournalPassword):
 """ Password has insecure scheme or other insecure parameters and needs migration to new password scheme """
- if self.scheme != 'PBKDF2':
+ if self.scheme in self.deprecated_schemes:
 return True
 rounds, salt, raw_salt, digest = pbkdf2_unpack(self.password)
 if rounds < 1000:
diff --git a/test/test_cgi.py b/test/test_cgi.py
index 17e2f37..2d63ed4 100644
--- a/test/test_cgi.py
+++ b/test/test_cgi.py
@@ -431,7 +431,7 @@ class FormTestCase(unittest.TestCase):
 cl = self._make_client(form)
 # assume that the "best" algorithm is the first one and doesn't
 # need migration, all others should be migrated.
- for scheme in password.Password.known_schemes[1:]:
+ for scheme in password.Password.deprecated_schemes:
 pw1 = password.Password('foo', scheme=scheme)
 self.assertEqual(pw1.needs_migration(), True)
 self.db.user.set(chef, password=pw1)
--
2.30.2
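Review bot: `deprecated_schemes` and `known_schemes` now carry the password-storage policy, but nothing at the definition says what membership means, and the `#TODO` above them still only mentions migration code in general. A comment on `deprecated_schemes` such as `# still listed in known_schemes, but needs_migration() reports these as insecure` would tie it to the check changed in the second hunk. Both are mutable class-level lists shared by every instance, so an in-place modification anywhere changes the policy for the whole process. Tuples (`("SHA", "MD5", "crypt", "plaintext")` and `("PBKDF2",) + deprecated_schemes`) would avoid that, provided no caller depends on list methods, which cannot be seen from this hunk.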
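Review bot: In `needs_migration`, the new test `self.scheme in self.deprecated_schemes` is a deny-list, so a scheme value that is in neither list (an unrecognised or differently-cased name, or `None`) no longer returns True and instead falls through to `pbkdf2_unpack(self.password)`; the old `!= 'PBKDF2'` check failed closed. I would keep "needs migration" as the default by writing the condition as `if self.scheme in self.deprecated_schemes or self.scheme not in self.known_schemes:`. Whether such a value can actually reach this method depends on `__init__` and the unpack code, which lie outside the hunk, and the function body continues past the last line shown. A short comment such as `# anything not explicitly known-good is treated as needing migration` would record the intent.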
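Review bot: The comment above the loop still describes the old slice ("assume that the "best" algorithm is the first one and doesn't need migration"), but the loop now iterates `password.Password.deprecated_schemes`, so the ordering assumption no longer applies. Something like `# every deprecated scheme must report needs_migration()` would match the code. The visible lines also exercise only the True case: nothing here asserts that a `PBKDF2` password with the default parameters is reported as not needing migration, or what happens for a scheme outside both lists. The test method starts and ends outside the hunk, so those assertions may already exist further down.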