[TurboGears] Re: patch to identity module to allow md5 and sha hashing of passwords

Tue, 20 Dec 2005 12:08:17 -0800
I went ahead and put it in one. I'm sure you can find it, but it's #241, has [PATCH] in it, and shows up in the "Pending Patches" report. 

Thanks,

- jmj

Kevin Dangoor wrote:

Hi Jeremy,

Would you mind dropping this into a Trac ticket? (Please put [PATCH]
in the subject so that it'll get applied sooner rather than later)

Thanks!

Kevin

On 12/20/05, Jeremy Jones <[EMAIL PROTECTED]> wrote:


Here is a patch for the identity module which will allow the passwords
to be stored in the database using either md5 or sha encryption.  All
that's required is to put a 'identity.encryption="(md5|sha)"' in your
config file.  If you put nothing, the behavior is the same as it was.
I've tested it using clear passwords, md5, and sha.  Is this something
anyone is interested in?  (Oh, since I'm doing a hexdigest rather than a
plain digest, I had to up the password length to 40 - it should be 20 if
I had done plain digest.)



Index: model/somodel.py
===================================================================
--- model/somodel.py    (revision 341)
+++ model/somodel.py    (working copy)
@@ -54,7 +54,7 @@
     userId= UnicodeCol( length=16, alternateID=True )
     emailAddress= UnicodeCol( length=255, alternateID=True )
     displayName= UnicodeCol( length=255 )
-    password= UnicodeCol( length=16 )
+    password= UnicodeCol( length=40 )
     created= DateTimeCol( default=datetime.now )

     # groups this user belongs to
Index: provider/soprovider.py
===================================================================
--- provider/soprovider.py      (revision 341)
+++ provider/soprovider.py      (working copy)
@@ -1,5 +1,6 @@
 import cherrypy
 import sha
+import md5
 import datetime
 import random

@@ -59,6 +60,13 @@
         '''
         try:
             user= self.userClass.byUserId( userId )
+
+            encryption_algorithm =
cherrypy.config.get("identity.encryption")
+            if encryption_algorithm == "md5":
+                password = md5.new(password).hexdigest()
+            elif encryption_algorithm == "sha":
+                password = sha.new(password).hexdigest()
+
             if (user.password!=password):
                 return None






--
Kevin Dangoor
Author of the Zesty News RSS newsreader

email: [EMAIL PROTECTED]
company: http://www.BlazingThings.com
blog: http://www.BlueSkyOnMars.com

























					Reply via email to