I was trying to fix pas.plugins.sqlalchemy so it would be compatible with
the existing password hashes stored in my ZODB.
Here's a pretty simple patch that might fix the problem. It uses
AccessControl.AuthEncoding, something pas.plugins.sqlalchemy indirectly
depends on anyway, to encrypt the passwords. AuthEncoding should be easy to
migrate to from pas.plugins.sqlalchemy's existing half-assed scheme. Instead
of storing the hash and the salt in separate fields, AuthEncoding stores
{SSHA}HashSalt in one field, RFC 2307 style, and can use more than one
encryption scheme. Plone uses the SSHA scheme by default.
zope.password is an equivalent to AuthEncoding that looks to have fewer
indirect dependencies.
The tests won't run for me. "python setup.py test" does not work, and neither
does running them inside a ZODB "instance shell". Could you fix up the docs to
include a "running the tests" section?
Thanks,
Daniel Holth
changeset: 2:54933b50b688
diff --git a/src/pas/plugins/sqlalchemy/model.py b/src/pas/plugins/sqlalchemy/model.py
--- a/src/pas/plugins/sqlalchemy/model.py
+++ b/src/pas/plugins/sqlalchemy/model.py
@@ -28,6 +28,8 @@
import sha
import datetime
+from AccessControl import AuthEncoding
+
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy import Table, Column, Integer, String, Boolean, DateTime, TIMESTAMP
from sqlalchemy import Text, Float, ForeignKey, Sequence
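Review bot: `import sha` two lines above the new `AuthEncoding` import is retained, but with this patch it serves only the old `encrypt` path that the second hunk marks deprecated; a one-line comment next to the import saying it exists for legacy-hash compatibility would keep a later cleanup from dropping it while legacy rows still exist, and it should be removed together with `encrypt` once that path goes. The `sha` module is itself deprecated in favour of `hashlib.sha1`, so if `encrypt` is kept for a while, switching it to `hashlib.sha1(...).hexdigest()` gives identical output without the deprecation warning.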
@@ -120,21 +122,25 @@
self.name = name
self.login = login
self.password = password
- self.salt = self.generate_salt()
+ self.salt = None
self.date_created = datetime.datetime.now()
def generate_salt(self):
return ''.join(random.sample(string.letters, 12))
+ # deprecated
def encrypt(self, password):
+ # prefix with {SSHA} and suffix with salt and we should be set...
return sha.sha(password+self.salt).hexdigest()
def set_password(self, password):
- self.salt = self.generate_salt()
- self.password = self.encrypt(password)
+ self.password = AuthEncoding.pw_encrypt(password)
def check_password(self, password):
- return self.encrypt(password) == self.password
+ if self.salt is None:
+ return AuthEncoding.pw_validate(self.password, password)
+ else:
+ return AuthEncoding.pw_validate("{SSHA}%s%s" % (self.password, self.salt))
def __repr__(self):
return "<User id=%d login=%s name=%s>" % (
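Review bot: the legacy branch of `check_password` (`else:` under `if self.salt is None:`) cannot validate the old hashes as written. `AuthEncoding.pw_validate` takes two arguments, the stored reference and the attempt, and the call `AuthEncoding.pw_validate("{SSHA}%s%s" % (self.password, self.salt))` passes only the rebuilt reference, so it raises `TypeError` before comparing anything. Adding `password` as the second argument still will not work, because the old `encrypt` stores `sha.sha(password+self.salt).hexdigest()`, whereas AuthEncoding's SSHA scheme base64-encodes the raw 20-byte digest followed by the salt and splits the decoded value at byte 20; a hex digest with the salt appended is not that layout, so the comment "prefix with {SSHA} and suffix with salt and we should be set..." is mistaken. Compare legacy rows with the existing scheme instead, `return self.encrypt(password) == self.password`, and on success call `self.set_password(password)` so the row is rewritten into the new single-field format while the cleartext is still in hand. Separately, `set_password` should also set `self.salt = None`: as the hunk stands, a legacy user whose password is changed keeps the old salt, so `check_password` keeps taking the legacy branch against an AuthEncoding hash and the new password never validates.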
_______________________________________________
Product-Developers mailing list
[email protected]
http://lists.plone.org/mailman/listinfo/product-developers
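As an added example that is not part of Daniel Holth's message or of pas.plugins.sqlalchemy itself, the following Python 3 code reimplements the RFC 2307 style "{SSHA}" layout the message describes (base64 of the SHA-1 digest of password plus salt, with the salt appended inside the same field) using only hashlib and base64, so it runs without Zope installed. It then shows the migration the message argues for: rows in the old format (hex SHA-1 of password plus a salt kept in its own column, the scheme of the patch's old `encrypt`) are checked with their own routine and rewritten into the single-field format on the first successful login. `User`, `ssha_encrypt`, `ssha_validate`, `legacy_encrypt`, `legacy_validate` and the 8-byte salt length are assumptions made for this example, not AuthEncoding's API; note also that AuthEncoding's `pw_validate` falls back to a cleartext comparison for references without a scheme prefix, which this reimplementation deliberately does not.

```python
"""Added example: "{SSHA}" single-field hashes and migration from a separate-salt
legacy scheme. Not from the message or from pas.plugins.sqlalchemy; reimplements
the format with hashlib so it runs without AccessControl.AuthEncoding."""
import base64
import hashlib
import hmac
import os

SSHA_PREFIX = "{SSHA}"


def ssha_encrypt(password, salt=None):
    """Return "{SSHA}" + base64(sha1(password + salt) + salt).

    Same layout as AuthEncoding's SSHA scheme: the salt travels inside the one
    stored field instead of in its own column.
    """
    if salt is None:
        salt = os.urandom(8)  # assumption for the example: 8 random salt bytes
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_validate(reference, attempt):
    """Check `attempt` against a "{SSHA}" reference; anything else is rejected."""
    if not reference.startswith(SSHA_PREFIX):
        return False  # no cleartext fallback here, unlike AuthEncoding.pw_validate
    try:
        raw = base64.b64decode(reference[len(SSHA_PREFIX):])
    except ValueError:  # binascii.Error is a ValueError
        return False
    digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes; the rest is salt
    candidate = hashlib.sha1(attempt.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def legacy_encrypt(password, salt):
    """The old scheme from the patch: hex SHA-1 of password + salt, salt stored apart."""
    return hashlib.sha1((password + salt).encode("utf-8")).hexdigest()


def legacy_validate(hexdigest, salt, attempt):
    return hmac.compare_digest(legacy_encrypt(attempt, salt), hexdigest)


class User(object):
    """Hypothetical stand-in for the SQLAlchemy model: a `password` column and a
    `salt` column that is NULL once the row has been migrated to "{SSHA}"."""

    def __init__(self, login, password, salt=None):
        self.login = login
        self.password = password  # already-encoded value, never cleartext
        self.salt = salt          # non-None only for rows still in the legacy format

    def set_password(self, password):
        self.password = ssha_encrypt(password)
        self.salt = None  # otherwise check_password keeps taking the legacy branch

    def check_password(self, attempt):
        if self.salt is None:
            return ssha_validate(self.password, attempt)
        ok = legacy_validate(self.password, self.salt, attempt)
        if ok:
            # The cleartext is available only at login, so this is the one
            # moment a legacy row can be rewritten into the new format.
            self.set_password(attempt)
        return ok


if __name__ == "__main__":
    # Constructed sample: a row written by the old scheme, then two logins.
    u = User("alice", legacy_encrypt("correct horse", "abcdefghijkl"), "abcdefghijkl")
    print(u.check_password("correct horse"), u.password[:6], u.salt)
    print(u.check_password("correct horse"), u.check_password("wrong"))
```

The upgrade-on-login step is what makes the two-format period safe to end: once every active user has logged in, any row whose `salt` column is still non-NULL is one that nobody has used, and the legacy branch (and the `sha` import it needs) can be deleted.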