[TurboGears] Re: patch to identity module to allow md5 and sha hashing of passwords

Tue, 20 Dec 2005 12:01:06 -0800 

Hi Jeremy,

Would you mind dropping this into a Trac ticket? (Please put [PATCH]
in the subject so that it'll get applied sooner rather than later)

Thanks!

Kevin

On 12/20/05, Jeremy Jones <[EMAIL PROTECTED]> wrote:
>
> Here is a patch for the identity module which will allow the passwords
> to be stored in the database using either md5 or sha encryption.  All
> that's required is to put a 'identity.encryption="(md5|sha)"' in your
> config file.  If you put nothing, the behavior is the same as it was.
> I've tested it using clear passwords, md5, and sha.  Is this something
> anyone is interested in?  (Oh, since I'm doing a hexdigest rather than a
> plain digest, I had to up the password length to 40 - it should be 20 if
> I had done plain digest.)
>
>
>
> Index: model/somodel.py
> ===================================================================
> --- model/somodel.py    (revision 341)
> +++ model/somodel.py    (working copy)
> @@ -54,7 +54,7 @@
>       userId= UnicodeCol( length=16, alternateID=True )
>       emailAddress= UnicodeCol( length=255, alternateID=True )
>       displayName= UnicodeCol( length=255 )
> -    password= UnicodeCol( length=16 )
> +    password= UnicodeCol( length=40 )
>       created= DateTimeCol( default=datetime.now )
>
>       # groups this user belongs to
> Index: provider/soprovider.py
> ===================================================================
> --- provider/soprovider.py      (revision 341)
> +++ provider/soprovider.py      (working copy)
> @@ -1,5 +1,6 @@
>   import cherrypy
>   import sha
> +import md5
>   import datetime
>   import random
>
> @@ -59,6 +60,13 @@
>           '''
>           try:
>               user= self.userClass.byUserId( userId )
> +
> +            encryption_algorithm =
> cherrypy.config.get("identity.encryption")
> +            if encryption_algorithm == "md5":
> +                password = md5.new(password).hexdigest()
> +            elif encryption_algorithm == "sha":
> +                password = sha.new(password).hexdigest()
> +
>               if (user.password!=password):
>                   return None
>
>


--
Kevin Dangoor
Author of the Zesty News RSS newsreader

email: [EMAIL PROTECTED]
company: http://www.BlazingThings.com
blog: http://www.BlueSkyOnMars.com

Reply via email to