diff roundup/cgi/actions.py @ 4484:52e13bf0bb40

Add new config-option 'migrate_passwords' in section 'web' to auto-migrate passwords at web-login time. Default for the new option is "yes", so if you don't want passwords to be auto-migrated to a more secure password scheme on user login, set this to "no" before running your tracker(s) after the upgrade.
author Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
date Thu, 14 Apr 2011 18:10:58 +0000
parents 36d52125c9cf
children 693c75d56ebe
--- a/roundup/cgi/actions.py	Thu Apr 14 15:42:41 2011 +0000
+++ b/roundup/cgi/actions.py	Thu Apr 14 18:10:58 2011 +0000
@@ -1005,12 +1005,18 @@
             raise exceptions.LoginError(self._(
                 "You do not have permission to login"))
 
-    def verifyPassword(self, userid, password):
-        '''Verify the password that the user has supplied'''
-        stored = self.db.user.get(userid, 'password')
-        if password == stored:
+    def verifyPassword(self, userid, givenpw):
+        '''Verify the password that the user has supplied.
+           Optionally migrate to new password scheme if configured
+        '''
+        db = self.db
+        stored = db.user.get(userid, 'password')
+        if givenpw == stored:
+            if db.config.WEB_MIGRATE_PASSWORDS and stored.needs_migration():
+                db.user.set(userid, password=password.Password(givenpw))
+                db.commit()
             return 1
-        if not password and not stored:
+        if not givenpw and not stored:
             return 1
         return 0
 
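Review bot: The migration branch under `if givenpw == stored:` writes and commits from what used to be a read-only check, with no error handling, so if `db.user.set(...)` or `db.commit()` raises (for example on a read-only or locked backend), a user who supplied the correct password gets an error instead of a login. Because re-hashing is best-effort, consider catching a failure around those two lines, rolling back, logging it, and still returning 1. A comment such as `# commit now so the re-hashed password persists; this presumably also commits any other pending changes in this transaction` would make the side effect explicit. The hunk also keeps `if not givenpw and not stored: return 1`, so an account with no stored password still accepts an empty password; that behaviour is unchanged, but it deserves a comment saying whether it is intentional. Renaming the parameter to `givenpw` frees the name `password` for the module, but it would break any caller that passes `password=` by keyword; no callers are visible in this hunk.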
