pub/mongoengine
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replaces deprecated hasher with new django 1.4 hasher

Browse Source 
This way we can even use the new hasher configuration
django 1.4 provides.

Signed-off-by: Nils Hasenbanck <nils@hasenbanck.de>
This commit is contained in:
Nils Hasenbanck 2012-03-24 11:08:00 +01:00
parent e2bef076d3
commit 3af6d0dbfd
1 changed files with 4 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
mongoengine/django/auth.py
View File

@ -1,23 +1,14 @@
from mongoengine import * from mongoengine import *
from django.utils.hashcompat import md5_constructor, sha_constructor
from django.utils.encoding import smart_str from django.utils.encoding import smart_str
from django.contrib.auth.models import AnonymousUser from django.contrib.auth.models import AnonymousUser
from django.contrib.auth.hashers import check_password, make_password
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
import datetime import datetime
REDIRECT_FIELD_NAME = 'next' REDIRECT_FIELD_NAME = 'next'
def get_hexdigest(algorithm, salt, raw_password):
raw_password, salt = smart_str(raw_password), smart_str(salt)
if algorithm == 'md5':
return md5_constructor(salt + raw_password).hexdigest()
elif algorithm == 'sha1':
return sha_constructor(salt + raw_password).hexdigest()
raise ValueError('Got unknown password algorithm type in password')
class User(Document): class User(Document):
"""A User document that aims to mirror most of the API specified by Django """A User document that aims to mirror most of the API specified by Django
at http://docs.djangoproject.com/en/dev/topics/auth/#users at http://docs.djangoproject.com/en/dev/topics/auth/#users
@ -34,7 +25,7 @@ class User(Document):
email = EmailField(verbose_name=_('e-mail address')) email = EmailField(verbose_name=_('e-mail address'))
password = StringField(max_length=128, password = StringField(max_length=128,
verbose_name=_('password'), verbose_name=_('password'),
help_text=_("Use '[algo]$[salt]$[hexdigest]' or use the <a href=\"password/\">change password form</a>.")) help_text=_("Use '[algo]$[iterations]$[salt]$[hexdigest]' or use the <a href=\"password/\">change password form</a>."))
is_staff = BooleanField(default=False, is_staff = BooleanField(default=False,
verbose_name=_('staff status'), verbose_name=_('staff status'),
help_text=_("Designates whether the user can log into this admin site.")) help_text=_("Designates whether the user can log into this admin site."))
@ -75,11 +66,7 @@ class User(Document):
assigning to :attr:`~mongoengine.django.auth.User.password` as the assigning to :attr:`~mongoengine.django.auth.User.password` as the
password is hashed before storage. password is hashed before storage.
""" """
from random import random self.password = make_password(raw_password)
algo = 'sha1'
salt = get_hexdigest(algo, str(random()), str(random()))[:5]
hash = get_hexdigest(algo, salt, raw_password)
self.password = '%s$%s$%s' % (algo, salt, hash)
self.save() self.save()
return self return self
@ -89,8 +76,7 @@ class User(Document):
:attr:`~mongoengine.django.auth.User.password` as the password is :attr:`~mongoengine.django.auth.User.password` as the password is
hashed before storage. hashed before storage.
""" """
algo, salt, hash = self.password.split('$') return check_password(raw_password, self.password)
return hash == get_hexdigest(algo, salt, raw_password)
@classmethod @classmethod
def create_user(cls, username, password, email=None): def create_user(cls, username, password, email=None):