Author: damoxc
Revision: 5683
Log:
have the change_password method accept an old_password parameter for
extra checking
move the password checking logic into a seperate check_password method
Diff:
Modified: trunk/deluge/ui/web/auth.py
===================================================================
--- trunk/deluge/ui/web/auth.py 2009-08-19 23:30:36 UTC (rev 5682)
+++ trunk/deluge/ui/web/auth.py 2009-08-20 00:04:55 UTC (rev 5683)
@@ -146,6 +146,59 @@
}
return True
+ def check_password(self, password):
+ config = component.get("DelugeWeb").config
+ if "pwd_md5" in config.config:
+ # We are using the 1.2-dev auth method
+ log.debug("Received a password via the 1.2-dev auth method")
+ m = hashlib.md5()
+ m.update(config["pwd_salt"])
+ m.update(password)
+ if m.hexdigest() == config['pwd_md5']:
+ # We want to move the password over to sha1 and remove
+ # the old passwords from the config file.
+ self.change_password(password)
+ del config.config["pwd_md5"]
+
+ # Remove the older password if there is now.
+ if "old_pwd_md5" in config.config:
+ del config.config["old_pwd_salt"]
+ del config.config["old_pwd_md5"]
+
+ return True
+
+ elif "old_pwd_md5" in config.config:
+ # We are using the 1.1 webui auth method
+ log.debug("Received a password via the 1.1 auth method")
+ from base64 import decodestring
+ m = hashlib.md5()
+ m.update(decodestring(config["old_pwd_salt"]))
+ m.update(password)
+ if m.digest() == decodestring(config["old_pwd_md5"]):
+
+ # We want to move the password over to sha1 and remove
+ # the old passwords from the config file.
+ self.change_password(password)
+ del config.config["old_pwd_salt"]
+ del config.config["old_pwd_md5"]
+
+ return True
+
+ elif "pwd_sha1" in config.config:
+ # We are using the 1.2 auth method
+ log.debug("Received a password via the 1.2 auth method")
+ s = hashlib.sha1()
+ s.update(config["pwd_salt"])
+ s.update(password)
+ if s.hexdigest() == config["pwd_sha1"]:
+ return True
+
+ else:
+ # Can't detect which method we should be using so just deny
+ # access.
+ log.debug("Failed to detect the login method")
+ return False
+
def check_request(self, request, method=None, level=None):
"""
Check to ensure that a request is authorised to call the specified
@@ -192,15 +245,22 @@
raise AuthError("Not authenticated")
@export
- def change_password(self, new_password):
+ def change_password(self, old_password, new_password):
"""
Change the password.
+ :param old_password: the current password
+ :type old_password: string
:param new_password: the password to change to
:type new_password: string
"""
- log.debug("Changing password")
d = Deferred()
+
+ if not self.check_password(old_password):
+ d.callback(False)
+ return d
+
+ log.debug("Changing password")
salt = hashlib.sha1(str(random.getrandbits(40))).hexdigest()
s = hashlib.sha1(salt)
s.update(new_password)
@@ -246,60 +306,10 @@
:returns: a session id or False
:rtype: string or False
"""
- config = component.get("DelugeWeb").config
+
d = Deferred()
-
- if "pwd_md5" in config.config:
- # We are using the 1.2-dev auth method
- log.debug("Received a login via the 1.2-dev auth method")
- m = hashlib.md5()
- m.update(config["pwd_salt"])
- m.update(password)
- if m.hexdigest() == config['pwd_md5']:
- # We have a match, so we can create and return a session id.
- d.callback(self._create_session())
-
- # We also want to move the password over to sha1 and remove
- # the old passwords from the config file.
- self.change_password(password)
- del config.config["pwd_md5"]
-
- # Remove the older password if there is now.
- if "old_pwd_md5" in config.config:
- del config.config["old_pwd_salt"]
- del config.config["old_pwd_md5"]
-
- elif "old_pwd_md5" in config.config:
- # We are using the 1.1 webui auth method
- log.debug("Received a login via the 1.1 auth method")
- from base64 import decodestring
- m = hashlib.md5()
- m.update(decodestring(config["old_pwd_salt"]))
- m.update(password)
- if m.digest() == decodestring(config["old_pwd_md5"]):
- # We have a match, so we can create and return a session id.
- d.callback(self._create_session(__request__))
-
- # We also want to move the password over to sha1 and remove
- # the old passwords from the config file.
- self.change_password(password)
- del config.config["old_pwd_salt"]
- del config.config["old_pwd_md5"]
-
- elif "pwd_sha1" in config.config:
- # We are using the 1.2 auth method
- log.debug("Received a login via the 1.2 auth method")
- s = hashlib.sha1()
- s.update(config["pwd_salt"])
- s.update(password)
- if s.hexdigest() == config["pwd_sha1"]:
- # We have a match, so we can create and return a session id.
- d.callback(self._create_session(__request__))
-
+ if self.check_password(password):
+ d.callback(self._create_session(__request__))
else:
- # Can't detect which method we should be using so just deny
- # access.
- log.debug("Failed to detect the login method")
d.callback(False)
-
return d
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"deluge-commit" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/deluge-commit?hl=en
-~----------~----~----~----~------~----~------~--~---
