Merge branch 'master' of github.com:hmarr/mongoengine

2012-03-24 19:03:44 +00:00 · 2012-03-24 19:03:44 +00:00 · ea9dc8cfb8
commit ea9dc8cfb8
parent 6bd2ccc9bf 56327c6b58
2 changed files with 8 additions and 20 deletions
--- a/mongoengine/django/auth.py
+++ b/mongoengine/django/auth.py
@ -1,23 +1,14 @@
 from mongoengine import *

-from django.utils.hashcompat import md5_constructor, sha_constructor
 from django.utils.encoding import smart_str
 from django.contrib.auth.models import AnonymousUser
+from django.contrib.auth.hashers import check_password, make_password
 from django.utils.translation import ugettext_lazy as _

 import datetime

 REDIRECT_FIELD_NAME = 'next'

-def get_hexdigest(algorithm, salt, raw_password):
-    raw_password, salt = smart_str(raw_password), smart_str(salt)
-    if algorithm == 'md5':
-        return md5_constructor(salt + raw_password).hexdigest()
-    elif algorithm == 'sha1':
-        return sha_constructor(salt + raw_password).hexdigest()
-    raise ValueError('Got unknown password algorithm type in password')
-
-
 class User(Document):
    """A User document that aims to mirror most of the API specified by Django
    at http://docs.djangoproject.com/en/dev/topics/auth/#users
@ -34,7 +25,7 @@ class User(Document):
    email = EmailField(verbose_name=_('e-mail address'))
    password = StringField(max_length=128,
                           verbose_name=_('password'),
-                           help_text=_("Use '[algo]$[salt]$[hexdigest]' or use the <a href=\"password/\">change password form</a>."))
+                           help_text=_("Use '[algo]$[iterations]$[salt]$[hexdigest]' or use the <a href=\"password/\">change password form</a>."))
    is_staff = BooleanField(default=False,
                            verbose_name=_('staff status'),
                            help_text=_("Designates whether the user can log into this admin site."))
@ -75,11 +66,7 @@ class User(Document):
        assigning to :attr:`~mongoengine.django.auth.User.password` as the
        password is hashed before storage.
        """
-        from random import random
-        algo = 'sha1'
-        salt = get_hexdigest(algo, str(random()), str(random()))[:5]
-        hash = get_hexdigest(algo, salt, raw_password)
-        self.password = '%s$%s$%s' % (algo, salt, hash)
+        self.password = make_password(raw_password)
        self.save()
        return self

@ -89,8 +76,7 @@ class User(Document):
        :attr:`~mongoengine.django.auth.User.password` as the password is
        hashed before storage.
        """
-        algo, salt, hash = self.password.split('$')
-        return hash == get_hexdigest(algo, salt, raw_password)
+        return check_password(raw_password, self.password)

    @classmethod
    def create_user(cls, username, password, email=None):
--- a/mongoengine/django/sessions.py
+++ b/mongoengine/django/sessions.py
@ -41,7 +41,7 @@ class SessionStore(SessionBase):

    def create(self):
        while True:
-            self.session_key = self._get_new_session_key()
+            self._session_key = self._get_new_session_key()
            try:
                self.save(must_create=True)
            except CreateError:
@ -51,7 +51,9 @@ class SessionStore(SessionBase):
            return

    def save(self, must_create=False):
-        s = MongoSession(session_key=self.session_key)
+        if self._session_key is None:
+            self.create()
+        s = MongoSession(session_key=self._session_key)
        s.session_data = self.encode(self._get_session(no_load=must_create))
        s.expire_date = self.get_expiry_date()
        try: