Mercurial Repository: p/roundup/code: roundup/cgi/actions.py comparison

comparison roundup/cgi/actions.py @ 4484:52e13bf0bb40

Add new config-option 'migrate_passwords' in section 'web'... ...to auto-migrate passwords at web-login time. Default for the new option is "yes" so if you don't want that passwords are auto-migrated to a more secure password scheme on user login, set this to "no" before running your tracker(s) after the upgrade.

author	Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
date	Thu, 14 Apr 2011 18:10:58 +0000
parents	36d52125c9cf
children	693c75d56ebe

comparison

equal deleted inserted replaced

-:22bc0426e348
+:52e13bf0bb40
 # Base behaviour is to check the user has "Web Access".
 if not self.hasPermission("Web Access"):
 raise exceptions.LoginError(self._(
 "You do not have permission to login"))
-def verifyPassword(self, userid, password):
+def verifyPassword(self, userid, givenpw):
-'''Verify the password that the user has supplied'''
+'''Verify the password that the user has supplied.
-stored = self.db.user.get(userid, 'password')
+Optionally migrate to new password scheme if configured
-if password == stored:
+'''
+db = self.db
+stored = db.user.get(userid, 'password')
+if givenpw == stored:
+if db.config.WEB_MIGRATE_PASSWORDS and stored.needs_migration():
+db.user.set(userid, password=password.Password(givenpw))
+db.commit()
 return 1
-if not password and not stored:
+if not givenpw and not stored:
 return 1
 return 0
 class ExportCSVAction(Action):
 name = 'export'

Mercurial > p > roundup > code

comparison roundup/cgi/actions.py @ 4484:52e13bf0bb40