comparison roundup/cgi/actions.py @ 7165:970cd6d2b8ea
issue2551251 - migrate pbkdf2 passwords if more rounds configured
migrate/re-encrypt PBKDF2 password if stored password used a smaller
number of rounds than set in password_pbkdf2_default_rounds.
Also increase fallback number of rounds (when not set in config) to
2,000,000.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 23 Feb 2023 19:34:39 -0500 |
| parents | 0b52ee664580 |
| children | db06d4aeb978 |
| 7164:5487882ff17a | 7165:970cd6d2b8ea |
|---|---|
| 1397 Optionally migrate to new password scheme if configured | 1397 Optionally migrate to new password scheme if configured |
| 1398 ''' | 1398 ''' |
| 1399 db = self.db | 1399 db = self.db |
| 1400 stored = db.user.get(userid, 'password') | 1400 stored = db.user.get(userid, 'password') |
| 1401 if givenpw == stored: | 1401 if givenpw == stored: |
| 1402 if db.config.WEB_MIGRATE_PASSWORDS and stored.needs_migration(): | 1402 if (db.config.WEB_MIGRATE_PASSWORDS and |
| 1403 stored.needs_migration(config=db.config)): | |
| 1403 newpw = password.Password(givenpw, config=db.config) | 1404 newpw = password.Password(givenpw, config=db.config) |
| 1404 db.user.set(userid, password=newpw) | 1405 db.user.set(userid, password=newpw) |
| 1405 db.commit() | 1406 db.commit() |
| 1406 return 1 | 1407 return 1 |
| 1407 # allow blank password | 1408 # allow blank password |
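Review bot: at new lines 1402-1403 the rounds check is still reached only when db.config.WEB_MIGRATE_PASSWORDS is true, so a site that raises password_pbkdf2_default_rounds with that option off keeps its old hashes; state this dependency in the documentation for both settings. The call now passes config=db.config where the old call passed no argument, so give the config parameter of needs_migration a default, or check every other caller, to keep argument-less calls working. The re-hash and db.commit() run inside the login path, so the first login after the rounds are raised pays for a verification at the old count plus a hash at the new one; a test that logs in against a lower-rounds hash and asserts the stored value changed would cover this branch.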
