Re: [Zope] acl_users and encrypted passwords
2009/8/7 Andreas Jung : > On 07.08.09 17:22, Andreas Jung wrote: >> On 07.08.09 17:10, Peter Bengtsson wrote: >> >>> No, it's different every time. >>> >>> >> Using private methods is unlikely the road to success. >> There is some official method with *validate* or something similar.. >> In addition: if you call the low-level methods blindly, you must >> take the 'salt' into account. > > AuthEncoding.pw_validate() is likely what you are searching for. > That was the one! THanks for the tip > -aj > > ___ > Zope maillist - z...@zope.org > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) > > -- Peter Bengtsson, work www.fry-it.com home www.peterbe.com hobby www.issuetrackerproduct.com fun crosstips.org ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] acl_users and encrypted passwords
On 07.08.09 17:22, Andreas Jung wrote: > On 07.08.09 17:10, Peter Bengtsson wrote: > >> No, it's different every time. >> >> > Using private methods is unlikely the road to success. > There is some official method with *validate* or something similar.. > In addition: if you call the low-level methods blindly, you must > take the 'salt' into account. AuthEncoding.pw_validate() is likely what you are searching for. -aj begin:vcard fn:Andreas Jung n:Jung;Andreas org:ZOPYX Ltd. & Co. KG adr;quoted-printable:;;Charlottenstr. 37/1;T=C3=BCbingen;;72070;Germany email;internet:i...@zopyx.com title:CEO tel;work:+49-7071-793376 tel;fax:+49-7071-7936840 tel;home:+49-7071-793257 x-mozilla-html:FALSE url:www.zopyx.com version:2.1 end:vcard ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] acl_users and encrypted passwords
On 07.08.09 17:10, Peter Bengtsson wrote: > No, it's different every time. > Using private methods is unlikely the road to success. There is some official method with *validate* or something similar.. In addition: if you call the low-level methods blindly, you must take the 'salt' into account. -aj begin:vcard fn:Andreas Jung n:Jung;Andreas org:ZOPYX Ltd. & Co. KG adr;quoted-printable:;;Charlottenstr. 37/1;T=C3=BCbingen;;72070;Germany email;internet:i...@zopyx.com title:CEO tel;work:+49-7071-793376 tel;fax:+49-7071-7936840 tel;home:+49-7071-793257 x-mozilla-html:FALSE url:www.zopyx.com version:2.1 end:vcard ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] acl_users and encrypted passwords
No, it's different every time. Consider this:: def _doAddUser(self, name, password, roles, domains, **kw): """Create a new user""" ... if password is not None and self.encrypt_passwords: print "\tself._encryptPassword('word')=", repr(self._encryptPassword('word')) print "\tself._encryptPassword('word')=", repr(self._encryptPassword('word')) print "\tself._encryptPassword('word')=", repr(self._encryptPassword('word')) When running this you get this output:: self._encryptPassword('word')= '{SSHA}dxZSdvO5CiaMbDuCC0mAreI0R6nqc5RyYFGo' self._encryptPassword('word')= '{SSHA}pup1PWzONwMnGXk/itXd6rhySF8MOuI57SO6' self._encryptPassword('word')= '{SSHA}HGRxMfi9J7uGK8tfHvuMWfIbNghvu+Z2hb7a' 2009/8/7 Andreas Jung : > On 07.08.09 16:26, Peter Bengtsson wrote: >> When you encrypt your passwords in an acl_users User Folder, is there >> a way to check that the old password is correct? >> I'm building an app that allows the user to change her password with >> the usual form of: >> Old: >> New: >> Confirm: >> > You has the 'old' password using the same algorithm and compare it > against the stored password hash. Look the AccessControl API of Zope. > > -aj > > ___ > Zope maillist - z...@zope.org > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) > > -- Peter Bengtsson, work www.fry-it.com home www.peterbe.com hobby www.issuetrackerproduct.com fun crosstips.org ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] acl_users and encrypted passwords
On 07.08.09 16:26, Peter Bengtsson wrote: > When you encrypt your passwords in an acl_users User Folder, is there > a way to check that the old password is correct? > I'm building an app that allows the user to change her password with > the usual form of: > Old: > New: > Confirm: > You has the 'old' password using the same algorithm and compare it against the stored password hash. Look the AccessControl API of Zope. -aj begin:vcard fn:Andreas Jung n:Jung;Andreas org:ZOPYX Ltd. & Co. KG adr;quoted-printable:;;Charlottenstr. 37/1;T=C3=BCbingen;;72070;Germany email;internet:i...@zopyx.com title:CEO tel;work:+49-7071-793376 tel;fax:+49-7071-7936840 tel;home:+49-7071-793257 x-mozilla-html:FALSE url:www.zopyx.com version:2.1 end:vcard ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )