[TurboGears] Re: SQLAlchemy and SHA1

Fri, 03 Nov 2006 09:32:43 -0800 

On 11/3/06, Patrick Lewis <[EMAIL PROTECTED]> wrote:
>
> José de Paula Eufrásio Júnior wrote:
>
> > For the time being I'm using
> >
> > def set_password(self, pw):
> >     self.password = identity.encrypt_password(pw)
> >
> > on the User class. The 'identity.encrypt_password' is a smart fella
> > and will DDRT based on the app.cfg hash setting, so if you set it to
> > plaintext it will return plaintext, md5 will return m5, and so on...
>
> I don't know if that will always work as expected for SqlAlchemy.  I
> believe identity.encrypt_password ultimately looks to the
> 'identity.soprovider.encryption_algorithm'  to decide the method to
> use, and ignores 'identity.saprovider.encryption_algorithm'.  That's
> just my static analysis though, I could be wrong.

Well, I ran some tests and looks like it is using the correct provider
(sqlalchemy).

Btw, I'm using this as my User class (using TurboEntity):

<code>
class User (Entity):
    """
        Reasonably basic User definition. Probably
        would want additional attributes.
    """

    class turboentity:
        tablename = "tg_user"

    user_id = Column(Integer, primary_key=True)
    user_name = Column(Unicode(16), unique=True)
    email_address = Column(Unicode(255), unique=True)
    display_name = Column(Unicode(255))
    created = Column(DateTime, default=datetime.now)
    pw = Column(Unicode(40))

    groups = ManyToMany("Group")

    def getpass(self):
        return self.pw
    def setpass(self, pw):
        self.pw = identity.encrypt_password(pw)
    password = property(getpass, setpass)

    @property
    def permissions(self):
        perms = set()
        for g in self.groups:
            perms = perms | set(g.permissions)
        return perms
</code>

And Visit worked, as did logging in and general use of the identity
framework. I think this can be adapted for the AM as well. it's an
ungly hack, tho. the @property decorator was new to me so I did it the
'old way'. The actual password is saved on the User.pw field.

I will give it more test to see if it can be trusted.

[]s

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups 
"TurboGears" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/turbogears?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to