[Zope] acl_users and encrypted passwords

2009-08-07 Thread Peter Bengtsson
When you encrypt your passwords in an acl_users User Folder, is there
a way to check that the old password is correct?
I'm building an app that allows the user to change her password with
the usual form of:
  Old: 
  New: 
  Confirm: 



-- 
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com
fun crosstips.org
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] acl_users and encrypted passwords

2009-08-07 Thread Andreas Jung
On 07.08.09 16:26, Peter Bengtsson wrote:
> When you encrypt your passwords in an acl_users User Folder, is there
> a way to check that the old password is correct?
> I'm building an app that allows the user to change her password with
> the usual form of:
>   Old:
>   New:
>   Confirm:

You hash the 'old' password using the same algorithm and compare it
against the stored password hash. Look at the AccessControl API of Zope.

-aj
begin:vcard
fn:Andreas Jung
n:Jung;Andreas
org:ZOPYX Ltd.  Co. KG
adr;quoted-printable:;;Charlottenstr. 37/1;T=C3=BCbingen;;72070;Germany
email;internet:i...@zopyx.com
title:CEO
tel;work:+49-7071-793376
tel;fax:+49-7071-7936840
tel;home:+49-7071-793257
x-mozilla-html:FALSE
url:www.zopyx.com
version:2.1
end:vcard



Re: [Zope] acl_users and encrypted passwords

2009-08-07 Thread Peter Bengtsson
No, it's different every time.

Consider this::

    def _doAddUser(self, name, password, roles, domains, **kw):
        """Create a new user"""
        # ...
        if password is not None and self.encrypt_passwords:
            # Debug output: hash the same password three times
            print("\tself._encryptPassword('word')= %r"
                  % self._encryptPassword('word'))
            print("\tself._encryptPassword('word')= %r"
                  % self._encryptPassword('word'))
            print("\tself._encryptPassword('word')= %r"
                  % self._encryptPassword('word'))

When running this you get this output::

    self._encryptPassword('word')= '{SSHA}dxZSdvO5CiaMbDuCC0mAreI0R6nqc5RyYFGo'
    self._encryptPassword('word')= '{SSHA}pup1PWzONwMnGXk/itXd6rhySF8MOuI57SO6'
    self._encryptPassword('word')= '{SSHA}HGRxMfi9J7uGK8tfHvuMWfIbNghvu+Z2hb7a'



2009/8/7 Andreas Jung li...@zopyx.com:
> On 07.08.09 16:26, Peter Bengtsson wrote:
>> When you encrypt your passwords in an acl_users User Folder, is there
>> a way to check that the old password is correct?
>> I'm building an app that allows the user to change her password with
>> the usual form of:
>>   Old:
>>   New:
>>   Confirm:
>
> You hash the 'old' password using the same algorithm and compare it
> against the stored password hash. Look at the AccessControl API of Zope.
>
> -aj


-- 
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com
fun crosstips.org


Re: [Zope] acl_users and encrypted passwords

2009-08-07 Thread Andreas Jung
On 07.08.09 17:10, Peter Bengtsson wrote:
> No, it's different every time.
   
Using private methods is unlikely to be the road to success.
There is some official method with *validate* or something similar.
In addition: if you call the low-level methods blindly, you must
take the 'salt' into account.

-aj


Re: [Zope] acl_users and encrypted passwords

2009-08-07 Thread Andreas Jung
On 07.08.09 17:22, Andreas Jung wrote:
> On 07.08.09 17:10, Peter Bengtsson wrote:
>> No, it's different every time.
>
> Using private methods is unlikely to be the road to success.
> There is some official method with *validate* or something similar.
> In addition: if you call the low-level methods blindly, you must
> take the 'salt' into account.

AuthEncoding.pw_validate() is likely what you are searching for.

-aj


Re: [Zope] acl_users and encrypted passwords

2009-08-07 Thread Peter Bengtsson
2009/8/7 Andreas Jung li...@zopyx.com:
> On 07.08.09 17:22, Andreas Jung wrote:
>> On 07.08.09 17:10, Peter Bengtsson wrote:
>>> No, it's different every time.
>>
>> Using private methods is unlikely to be the road to success.
>> There is some official method with *validate* or something similar.
>> In addition: if you call the low-level methods blindly, you must
>> take the 'salt' into account.
>
> AuthEncoding.pw_validate() is likely what you are searching for.

That was the one! Thanks for the tip

> -aj


-- 
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com
fun crosstips.org
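
Added example (not part of the original thread, and not Zope's AccessControl code): an illustration in Python 3 of salted SHA-1 ("{SSHA}") hashing, showing why each call in the thread returned a different string and how validation recovers the salt from the stored value for the Old/New/Confirm form. The function names and the 7-byte salt length are assumptions; the layout base64(SHA1(password + salt) + salt) is the common SSHA convention, assumed here.

```python
import base64
import hashlib
import hmac
import os

PREFIX = "{SSHA}"
DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes


def ssha_encode(password, salt=None):
    """Return '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(7)  # fresh random salt per call (length is an assumption)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_split(stored):
    """Split a stored '{SSHA}...' value into (digest, salt)."""
    if not stored.startswith(PREFIX):
        raise ValueError("not an SSHA hash")
    raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    if len(raw) <= DIGEST_LEN:
        raise ValueError("hash carries no salt")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def ssha_validate(stored, attempt):
    """Re-hash the attempt with the salt taken from the stored value."""
    try:
        digest, salt = ssha_split(stored)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    candidate = hashlib.sha1(attempt.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


def change_password(stored, old, new, confirm):
    """Old/New/Confirm form logic: return the new stored hash or raise."""
    if not ssha_validate(stored, old):
        raise ValueError("old password is incorrect")
    if new != confirm:
        raise ValueError("new passwords do not match")
    return ssha_encode(new)
```

In a Zope application, use AuthEncoding.pw_validate() as suggested in the thread rather than reimplementing the scheme.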