Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity

Fixed #3604 -- django.contrib.auth password checking now uses hashlib if it's available. Thanks, Rob Hudson

Browse Source 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6318 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Adrian Holovaty 2007-09-15 19:45:33 +00:00
parent 07447a0f56
commit bcfaa73514
1 changed files with 35 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
django/contrib/auth/models.py
View File

@ -15,25 +15,43 @@ try:
except NameError: except NameError:
from sets import Set as set # Python 2.3 fallback from sets import Set as set # Python 2.3 fallback
def get_hexdigest(algorithm, salt, raw_password):
"""
Returns a string of the hexdigest of the given plaintext password and salt
using the given algorithm ('md5', 'sha1' or 'crypt').
"""
raw_password, salt = smart_str(raw_password), smart_str(salt)
if algorithm == 'crypt':
try:
import crypt
except ImportError:
raise ValueError('"crypt" password algorithm not supported in this environment')
return crypt.crypt(raw_password, salt)
# The rest of the supported algorithms are supported by hashlib, but
# hashlib is only available in Python 2.5.
try:
import hashlib
except ImportError:
if algorithm == 'md5':
import md5
return md5.new(salt + raw_password).hexdigest()
elif algorithm == 'sha1':
import sha
return sha.new(salt + raw_password).hexdigest()
else:
if algorithm == 'md5':
return hashlib.md5(salt + raw_password).hexdigest()
elif algorithm == 'sha1':
return hashlib.sha1(salt + raw_password).hexdigest()
raise ValueError("Got unknown password algorithm type in password.")
def check_password(raw_password, enc_password): def check_password(raw_password, enc_password):
""" """
Returns a boolean of whether the raw_password was correct. Handles Returns a boolean of whether the raw_password was correct. Handles
encryption formats behind the scenes. encryption formats behind the scenes.
""" """
algo, salt, hsh = enc_password.split('$') algo, salt, hsh = enc_password.split('$')
if algo == 'md5': return hsh == get_hexdigest(algo, salt, raw_password)
import md5
return hsh == md5.new(smart_str(salt + raw_password)).hexdigest()
elif algo == 'sha1':
import sha
return hsh == sha.new(smart_str(salt + raw_password)).hexdigest()
elif algo == 'crypt':
try:
import crypt
except ImportError:
raise ValueError, "Crypt password algorithm not supported in this environment."
return hsh == crypt.crypt(smart_str(raw_password), smart_str(salt))
raise ValueError, "Got unknown password algorithm type in password."
class SiteProfileNotAvailable(Exception): class SiteProfileNotAvailable(Exception):
pass pass
@ -162,10 +180,10 @@ class User(models.Model):
return full_name.strip() return full_name.strip()
def set_password(self, raw_password): def set_password(self, raw_password):
import sha, random import random
algo = 'sha1' algo = 'sha1'
salt = sha.new(str(random.random())).hexdigest()[:5] salt = get_hexdigest(algo, str(random.random()), str(random.random()))[:5]
hsh = sha.new(salt + smart_str(raw_password)).hexdigest() hsh = get_hexdigest(algo, salt, raw_password)
self.password = '%s$%s$%s' % (algo, salt, hsh) self.password = '%s$%s$%s' % (algo, salt, hsh)
def check_password(self, raw_password): def check_password(self, raw_password):
@ -176,8 +194,7 @@ class User(models.Model):
# Backwards-compatibility check. Older passwords won't include the # Backwards-compatibility check. Older passwords won't include the
# algorithm or salt. # algorithm or salt.
if '$' not in self.password: if '$' not in self.password:
import md5 is_correct = (self.password == get_hexdigest('md5', '', raw_password))
is_correct = (self.password == md5.new(smart_str(raw_password)).hexdigest())
if is_correct: if is_correct:
# Convert the password to the new, more secure format. # Convert the password to the new, more secure format.
self.set_password(raw_password) self.set_password(raw_password)