summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 22959bf)
raw | patch | inline | side by side (parent: 22959bf)
author | schlatterbeck <schlatterbeck@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
Thu, 14 Apr 2011 18:27:51 +0000 (18:27 +0000) | ||
committer | schlatterbeck <schlatterbeck@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
Thu, 14 Apr 2011 18:27:51 +0000 (18:27 +0000) |
encoding schemes
git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4594 57a73879-2fb5-44c3-a270-3262357dd7e2
git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4594 57a73879-2fb5-44c3-a270-3262357dd7e2
roundup/password.py | patch | blob | history | |
test/test_cgi.py | patch | blob | history |
diff --git a/roundup/password.py b/roundup/password.py
index 92ada54a1fa8756e2d62ad6e9d5580efcbcad3ad..adb2cc4c5e1b6353076c497fea8ab2e3d49da518 100644 (file)
--- a/roundup/password.py
+++ b/roundup/password.py
"""
#TODO: code to migrate from old password schemes.
"""
#TODO: code to migrate from old password schemes.
- known_schemes = [ "PBKDF2", "SHA", "MD5", "crypt", "plaintext" ]
+ deprecated_schemes = ["SHA", "MD5", "crypt", "plaintext"]
+ known_schemes = ["PBKDF2"] + deprecated_schemes
def __init__(self, plaintext=None, scheme=None, encrypted=None, strict=False):
"""Call setPassword if plaintext is not None."""
def __init__(self, plaintext=None, scheme=None, encrypted=None, strict=False):
"""Call setPassword if plaintext is not None."""
""" Password has insecure scheme or other insecure parameters
and needs migration to new password scheme
"""
""" Password has insecure scheme or other insecure parameters
and needs migration to new password scheme
"""
- if self.scheme != 'PBKDF2':
+ if self.scheme in self.deprecated_schemes:
return True
rounds, salt, raw_salt, digest = pbkdf2_unpack(self.password)
if rounds < 1000:
return True
rounds, salt, raw_salt, digest = pbkdf2_unpack(self.password)
if rounds < 1000:
diff --git a/test/test_cgi.py b/test/test_cgi.py
index 17e2f376d35534a2ee4bbfa19ddb3f9e1c2dd056..2d63ed4c26df63cb442ecfdcc4dbd933ad219981 100644 (file)
--- a/test/test_cgi.py
+++ b/test/test_cgi.py
cl = self._make_client(form)
# assume that the "best" algorithm is the first one and doesn't
# need migration, all others should be migrated.
cl = self._make_client(form)
# assume that the "best" algorithm is the first one and doesn't
# need migration, all others should be migrated.
- for scheme in password.Password.known_schemes[1:]:
+ for scheme in password.Password.deprecated_schemes:
pw1 = password.Password('foo', scheme=scheme)
self.assertEqual(pw1.needs_migration(), True)
self.db.user.set(chef, password=pw1)
pw1 = password.Password('foo', scheme=scheme)
self.assertEqual(pw1.needs_migration(), True)
self.db.user.set(chef, password=pw1)