Mercurial > p > roundup > code
comparison roundup/password.py @ 3434:1f860b50fa5f
encodePassword: don't trim the salt string...
...the first two characters aren't enough for MD5-based crypt
implementations [SF#1372253]
| author | Alexander Smishlajev <a1s@users.sourceforge.net> |
|---|---|
| date | Sat, 03 Dec 2005 11:35:54 +0000 |
| parents | c9e52addda42 |
| children | 822a2719b81b |
comparison
equal
deleted
inserted
replaced
| 3433:2affe8fa51a5 | 3434:1f860b50fa5f |
|---|---|
| 12 # BIZAR SOFTWARE PTY LTD SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, | 12 # BIZAR SOFTWARE PTY LTD SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, |
| 13 # BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | 13 # BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| 14 # FOR A PARTICULAR PURPOSE. THE CODE PROVIDED HEREUNDER IS ON AN "AS IS" | 14 # FOR A PARTICULAR PURPOSE. THE CODE PROVIDED HEREUNDER IS ON AN "AS IS" |
| 15 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE, | 15 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE, |
| 16 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. | 16 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. |
| 17 # | 17 # |
| 18 # $Id: password.py,v 1.13 2004-05-10 22:32:17 richard Exp $ | 18 # $Id: password.py,v 1.14 2005-12-03 11:35:54 a1s Exp $ |
| 19 | 19 |
| 20 """Password handling (encoding, decoding). | 20 """Password handling (encoding, decoding). |
| 21 """ | 21 """ |
| 22 __docformat__ = 'restructuredtext' | 22 __docformat__ = 'restructuredtext' |
| 23 | 23 |
| 41 s = sha.sha(plaintext).hexdigest() | 41 s = sha.sha(plaintext).hexdigest() |
| 42 elif scheme == 'MD5': | 42 elif scheme == 'MD5': |
| 43 s = md5.md5(plaintext).hexdigest() | 43 s = md5.md5(plaintext).hexdigest() |
| 44 elif scheme == 'crypt' and crypt is not None: | 44 elif scheme == 'crypt' and crypt is not None: |
| 45 if other is not None: | 45 if other is not None: |
| 46 salt = other[:2] | 46 salt = other |
| 47 else: | 47 else: |
| 48 saltchars = './0123456789'+string.letters | 48 saltchars = './0123456789'+string.letters |
| 49 salt = random.choice(saltchars) + random.choice(saltchars) | 49 salt = random.choice(saltchars) + random.choice(saltchars) |
| 50 s = crypt.crypt(plaintext, salt) | 50 s = crypt.crypt(plaintext, salt) |
| 51 elif scheme == 'plaintext': | 51 elif scheme == 'plaintext': |
| 57 def generatePassword(length=8): | 57 def generatePassword(length=8): |
| 58 chars = string.letters+string.digits | 58 chars = string.letters+string.digits |
| 59 return ''.join([random.choice(chars) for x in range(length)]) | 59 return ''.join([random.choice(chars) for x in range(length)]) |
| 60 | 60 |
| 61 class Password: | 61 class Password: |
| 62 '''The class encapsulates a Password property type value in the database. | 62 '''The class encapsulates a Password property type value in the database. |
| 63 | 63 |
| 64 The encoding of the password is one if None, 'SHA', 'MD5' or 'plaintext'. | 64 The encoding of the password is one if None, 'SHA', 'MD5' or 'plaintext'. |
| 65 The encodePassword function is used to actually encode the password from | 65 The encodePassword function is used to actually encode the password from |
| 66 plaintext. The None encoding is used in legacy databases where no | 66 plaintext. The None encoding is used in legacy databases where no |
| 67 encoding scheme is identified. | 67 encoding scheme is identified. |
| 159 assert 'not sekrit' != p | 159 assert 'not sekrit' != p |
| 160 | 160 |
| 161 if __name__ == '__main__': | 161 if __name__ == '__main__': |
| 162 test() | 162 test() |
| 163 | 163 |
| 164 # vim: set filetype=python ts=4 sw=4 et si | 164 # vim: set filetype=python sts=4 sw=4 et si : |