use idea from Eli Collins to use a list of deprecated password

encoding schemes

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4594 57a73879-2fb5-44c3-a270-3262357dd7e2

diff --git a/roundup/password.py b/roundup/password.py
index 92ada54a1fa8756e2d62ad6e9d5580efcbcad3ad..adb2cc4c5e1b6353076c497fea8ab2e3d49da518 100644 (file)
--- a/roundup/password.py
+++ b/roundup/password.py
@@ -240,7 +240,8 @@ class Password(JournalPassword):
     """
     #TODO: code to migrate from old password schemes.
 
-    known_schemes = [ "PBKDF2", "SHA", "MD5", "crypt", "plaintext" ]
+    deprecated_schemes = ["SHA", "MD5", "crypt", "plaintext"]
+    known_schemes = ["PBKDF2"] + deprecated_schemes
 
     def __init__(self, plaintext=None, scheme=None, encrypted=None, strict=False):
         """Call setPassword if plaintext is not None."""
@@ -259,7 +260,7 @@ class Password(JournalPassword):
         """ Password has insecure scheme or other insecure parameters
             and needs migration to new password scheme
         """
-        if self.scheme != 'PBKDF2':
+        if self.scheme in self.deprecated_schemes:
             return True
         rounds, salt, raw_salt, digest = pbkdf2_unpack(self.password)
         if rounds < 1000:

diff --git a/test/test_cgi.py b/test/test_cgi.py
index 17e2f376d35534a2ee4bbfa19ddb3f9e1c2dd056..2d63ed4c26df63cb442ecfdcc4dbd933ad219981 100644 (file)
--- a/test/test_cgi.py
+++ b/test/test_cgi.py
@@ -431,7 +431,7 @@ class FormTestCase(unittest.TestCase):
         cl = self._make_client(form)
         # assume that the "best" algorithm is the first one and doesn't
         # need migration, all others should be migrated.
-        for scheme in password.Password.known_schemes[1:]:
+        for scheme in password.Password.deprecated_schemes:
             pw1 = password.Password('foo', scheme=scheme)
             self.assertEqual(pw1.needs_migration(), True)
             self.db.user.set(chef, password=pw1)