[Zope] acl_users and encrypted passwords
When you encrypt your passwords in an acl_users User Folder, is there
a way to check that the old password is correct?
I'm building an app that allows the user to change her password with
the usual form of:

  Old:
  New:
  Confirm:

--
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com
fun crosstips.org
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] acl_users and encrypted passwords
On 07.08.09 16:26, Peter Bengtsson wrote:
> When you encrypt your passwords in an acl_users User Folder, is there
> a way to check that the old password is correct?
> I'm building an app that allows the user to change her password with
> the usual form of:
>
>   Old:
>   New:
>   Confirm:

You hash the 'old' password using the same algorithm and compare it
against the stored password hash. Look at the AccessControl API of Zope.

-aj

Re: [Zope] acl_users and encrypted passwords
No, it's different every time. Consider this::

    def _doAddUser(self, name, password, roles, domains, **kw):
        """Create a new user"""
        # ...
        if password is not None and self.encrypt_passwords:
            # debugging output: encrypt the same password three times
            print "\tself._encryptPassword('word')=", repr(self._encryptPassword('word'))
            print "\tself._encryptPassword('word')=", repr(self._encryptPassword('word'))
            print "\tself._encryptPassword('word')=", repr(self._encryptPassword('word'))

When running this you get this output::

    self._encryptPassword('word')= '{SSHA}dxZSdvO5CiaMbDuCC0mAreI0R6nqc5RyYFGo'
    self._encryptPassword('word')= '{SSHA}pup1PWzONwMnGXk/itXd6rhySF8MOuI57SO6'
    self._encryptPassword('word')= '{SSHA}HGRxMfi9J7uGK8tfHvuMWfIbNghvu+Z2hb7a'

2009/8/7 Andreas Jung li...@zopyx.com:
> On 07.08.09 16:26, Peter Bengtsson wrote:
>> When you encrypt your passwords in an acl_users User Folder, is there
>> a way to check that the old password is correct?
>> I'm building an app that allows the user to change her password with
>> the usual form of:
>>
>>   Old:
>>   New:
>>   Confirm:
>
> You hash the 'old' password using the same algorithm and compare it
> against the stored password hash. Look at the AccessControl API of Zope.
>
> -aj

--
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com
fun crosstips.org

Re: [Zope] acl_users and encrypted passwords
On 07.08.09 17:10, Peter Bengtsson wrote:
> No, it's different every time.

Using private methods is unlikely the road to success.
There is some official method with *validate* or something similar..
In addition: if you call the low-level methods blindly, you must take
the 'salt' into account.

-aj

Re: [Zope] acl_users and encrypted passwords
On 07.08.09 17:22, Andreas Jung wrote:
> On 07.08.09 17:10, Peter Bengtsson wrote:
>> No, it's different every time.
>
> Using private methods is unlikely the road to success.
> There is some official method with *validate* or something similar..
> In addition: if you call the low-level methods blindly, you must take
> the 'salt' into account.

AuthEncoding.pw_validate() is likely what you are searching for.

-aj

Re: [Zope] acl_users and encrypted passwords
2009/8/7 Andreas Jung li...@zopyx.com:
> On 07.08.09 17:22, Andreas Jung wrote:
>> On 07.08.09 17:10, Peter Bengtsson wrote:
>>> No, it's different every time.
>>
>> Using private methods is unlikely the road to success.
>> There is some official method with *validate* or something similar..
>> In addition: if you call the low-level methods blindly, you must take
>> the 'salt' into account.
>
> AuthEncoding.pw_validate() is likely what you are searching for.

That was the one! Thanks for the tip

> -aj

--
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com
fun crosstips.org
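
Added example (not part of the thread and not Zope's AccessControl code): a stand-alone sketch of the salted SHA-1 `{SSHA}` layout, showing why the same password encodes differently on every call and how validation reuses the salt stored inside the hash. The helper names and the 7-byte salt length are assumptions, the latter inferred from the 27-byte values quoted in the thread; inside Zope, use AuthEncoding.pw_validate() as suggested above.

```python
import base64, binascii, hashlib, hmac, os

PREFIX = "{SSHA}"
SHA1_LEN = 20   # bytes in a SHA-1 digest; everything after it is the salt

def ssha_encode(password, salt=None):
    """'{SSHA}' + base64(sha1(password + salt) + salt), fresh salt by default."""
    if salt is None:
        salt = os.urandom(7)   # assumption: 7 bytes, the size seen in the thread's hashes
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")

def ssha_split(stored):
    """Return (digest, salt) from a stored value, or None if it is malformed."""
    if not stored.startswith(PREFIX):
        return None
    try:
        raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(raw) <= SHA1_LEN:
        return None            # no salt present: not a valid SSHA value
    return raw[:SHA1_LEN], raw[SHA1_LEN:]

def ssha_validate(stored, attempt):
    """Re-hash the attempt with the stored salt; compare in constant time."""
    parts = ssha_split(stored)
    if parts is None:
        return False
    digest, salt = parts
    candidate = hashlib.sha1(attempt.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def change_password(stored, old, new, confirm):
    """Old/New/Confirm form logic: new stored hash, or None if rejected."""
    if not new or new != confirm or not ssha_validate(stored, old):
        return None
    return ssha_encode(new)

# The three values printed in the thread for the same password 'word'.
THREAD_HASHES = [
    "{SSHA}dxZSdvO5CiaMbDuCC0mAreI0R6nqc5RyYFGo",
    "{SSHA}pup1PWzONwMnGXk/itXd6rhySF8MOuI57SO6",
    "{SSHA}HGRxMfi9J7uGK8tfHvuMWfIbNghvu+Z2hb7a",
]

if __name__ == "__main__":
    for h in THREAD_HASHES:
        print(h, "salt =", ssha_split(h)[1].hex(), "ok:", ssha_validate(h, "word"))
```

Comparing two fresh encodings of the old password, as in the debugging output above, can never succeed; the check has to go through the salt carried in the stored value.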