diff --git a/roundup/cgi/actions.py b/roundup/cgi/actions.py
index e3de0dea5c9458e60943845c47c5f2baaad6267a..86bd4f1f112a5e2e82eb936ad6d0a185da6033bd 100755 (executable)
--- a/roundup/cgi/actions.py
+++ b/roundup/cgi/actions.py
props = ['id'] + props_without_id
# do the edit
- rows = io_.StringIO(self.form['rows'].value)
+ rows = io_.BytesIO(self.form['rows'].value)
reader = csv.reader(rows)
found = {}
line = 0
if isinstance(prop, hyperdb.Multilink):
value = value.split(':')
elif isinstance(prop, hyperdb.Password):
- value = password.Password(value)
+ value = password.Password(value, config=self.db.config)
elif isinstance(prop, hyperdb.Interval):
value = date.Interval(value)
elif isinstance(prop, hyperdb.Date):
# XXX we need to make the "default" page be able to display errors!
try:
# set the password
- cl.set(uid, password=password.Password(newpw))
+ cl.set(uid, password=password.Password(newpw, config=self.db.config))
# clear the props from the otk database
otks.destroy(otk)
self.db.commit()
# nice message
message = self._('You are now registered, welcome!')
url = '%suser%s?@ok_message=%s'%(self.base, self.userid,
- urllib._quote(message))
+ urllib_.quote(message))
# redirect to the user's page (but not 302, as some email clients seem
# to want to reload the page, or something)
raise exceptions.LoginError(self._(
"You do not have permission to login"))
- def verifyPassword(self, userid, password):
- '''Verify the password that the user has supplied'''
- stored = self.db.user.get(userid, 'password')
- if password == stored:
+ def verifyPassword(self, userid, givenpw):
+ '''Verify the password that the user has supplied.
+ Optionally migrate to new password scheme if configured
+ '''
+ db = self.db
+ stored = db.user.get(userid, 'password')
+ if givenpw == stored:
+ if db.config.WEB_MIGRATE_PASSWORDS and stored.needs_migration():
+ newpw = password.Password(givenpw, config=db.config)
+ db.user.set(userid, password=newpw)
+ db.commit()
return 1
- if not password and not stored:
+ if not givenpw and not stored:
return 1
return 0