
use idea from Eli Collins to use a list of deprecated password
authorschlatterbeck <schlatterbeck@57a73879-2fb5-44c3-a270-3262357dd7e2>
Thu, 14 Apr 2011 18:27:51 +0000 (18:27 +0000)
committerschlatterbeck <schlatterbeck@57a73879-2fb5-44c3-a270-3262357dd7e2>
Thu, 14 Apr 2011 18:27:51 +0000 (18:27 +0000)
encoding schemes

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4594 57a73879-2fb5-44c3-a270-3262357dd7e2

roundup/password.py
test/test_cgi.py

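--- a/roundup/password.py
+++ b/roundup/password.py
@@ -240,7 +240,8 @@ class Password(JournalPassword):
     """
     #TODO: code to migrate from old password schemes.
 
-    known_schemes = [ "PBKDF2", "SHA", "MD5", "crypt", "plaintext" ]
+    deprecated_schemes = ["SHA", "MD5", "crypt", "plaintext"]
+    known_schemes = ["PBKDF2"] + deprecated_schemes
 
     def __init__(self, plaintext=None, scheme=None, encrypted=None, strict=False):
         """Call setPassword if plaintext is not None."""
@@ -259,7 +260,7 @@ class Password(JournalPassword):
         """ Password has insecure scheme or other insecure parameters
             and needs migration to new password scheme
         """
-        if self.scheme != 'PBKDF2':
+        if self.scheme in self.deprecated_schemes:
             return True
         rounds, salt, raw_salt, digest = pbkdf2_unpack(self.password)
         if rounds < 1000: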
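Review bot: The new test in needs_migration, `if self.scheme in self.deprecated_schemes:`, fails open where the old `!= 'PBKDF2'` comparison failed closed. A scheme value that is neither in the deprecated list nor PBKDF2 now falls through to `pbkdf2_unpack(self.password)` instead of being flagged; that covers an unset scheme (`__init__` defaults `scheme=None`) and any scheme later added to `known_schemes` without a deprecated entry. What pbkdf2_unpack does with a non-PBKDF2 value is not visible here, so this may raise, or may report a weak hash as not needing migration. I would keep the list and add a guard right after it, `if self.scheme != 'PBKDF2': return True  # unknown or unset scheme: treat as needing migration`, before the unpack. needs_migration starts and ends outside the hunk.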
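--- a/test/test_cgi.py
+++ b/test/test_cgi.py
@@ -431,7 +431,7 @@ class FormTestCase(unittest.TestCase):
         cl = self._make_client(form)
         # assume that the "best" algorithm is the first one and doesn't
         # need migration, all others should be migrated.
-        for scheme in password.Password.known_schemes[1:]:
+        for scheme in password.Password.deprecated_schemes:
             pw1 = password.Password('foo', scheme=scheme)
             self.assertEqual(pw1.needs_migration(), True)
             self.db.user.set(chef, password=pw1)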
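Review bot: The comment above the loop ("assume that the "best" algorithm is the first one ...") no longer describes the code, because the loop now iterates `deprecated_schemes` instead of slicing `known_schemes[1:]`. I would replace it with `# every scheme listed in deprecated_schemes must be reported as needing migration`. The loop exercises only the positive branch, so unless one already exists outside this hunk, an assertion that a freshly created `'PBKDF2'` password returns False from `needs_migration()` would pin the other side of the check, assuming the default round count meets the threshold. The test method starts and ends outside the hunk.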