changeset 4485:95aace124a8e
use idea from Eli Collins to use a list of deprecated password encoding schemes
| author | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
|---|---|
| date | Thu, 14 Apr 2011 18:27:51 +0000 |
| parents | 52e13bf0bb40 |
| children | 693c75d56ebe |
| files | roundup/password.py test/test_cgi.py |
| diffstat | 2 files changed, 4 insertions(+), 3 deletions(-) [+] |
--- a/roundup/password.py Thu Apr 14 18:10:58 2011 +0000
+++ b/roundup/password.py Thu Apr 14 18:27:51 2011 +0000
@@ -240,7 +240,8 @@
 """
 #TODO: code to migrate from old password schemes.
- known_schemes = [ "PBKDF2", "SHA", "MD5", "crypt", "plaintext" ]
+ deprecated_schemes = ["SHA", "MD5", "crypt", "plaintext"]
+ known_schemes = ["PBKDF2"] + deprecated_schemes
 def __init__(self, plaintext=None, scheme=None, encrypted=None, strict=False):
 """Call setPassword if plaintext is not None."""
@@ -259,7 +260,7 @@
 """ Password has insecure scheme or other insecure parameters and needs migration to new password scheme """
- if self.scheme != 'PBKDF2':
+ if self.scheme in self.deprecated_schemes:
 return True
 rounds, salt, raw_salt, digest = pbkdf2_unpack(self.password)
 if rounds < 1000:
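Review bot: The two class attributes in the first hunk now drive a security decision, but nothing beside them documents the invariant: `deprecated_schemes` is what `needs_migration` consults, and every entry is still part of `known_schemes`. A comment above them such as `# known_schemes[0] is the preferred scheme; every other accepted scheme must also appear in deprecated_schemes so needs_migration() flags it` would stop a later edit from adding a weak scheme to `known_schemes` without marking it deprecated. The `#TODO: code to migrate from old password schemes.` line just above looks stale now that `needs_migration` exists; the class body starts outside the hunk, so that part is inferred.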
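Review bot: In `needs_migration` (second hunk) the new membership test lets any scheme that is not in `deprecated_schemes` fall through to `pbkdf2_unpack(self.password)`, whereas the old `!= 'PBKDF2'` test returned True for everything else. A stored value whose scheme is unrecognised or unset would then be parsed as PBKDF2, which presumably raises instead of flagging the password for migration, and a future non-deprecated scheme added to `known_schemes` would take the same path. I would keep the fail-closed default with `if self.scheme in self.deprecated_schemes or self.scheme not in self.known_schemes: return True` and put the rounds check under `if self.scheme == 'PBKDF2':`. The function body continues past the end of the hunk, so what follows `if rounds < 1000:` is not visible here.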
--- a/test/test_cgi.py Thu Apr 14 18:10:58 2011 +0000
+++ b/test/test_cgi.py Thu Apr 14 18:27:51 2011 +0000
@@ -431,7 +431,7 @@
 cl = self._make_client(form)
 # assume that the "best" algorithm is the first one and doesn't
 # need migration, all others should be migrated.
- for scheme in password.Password.known_schemes[1:]:
+ for scheme in password.Password.deprecated_schemes:
 pw1 = password.Password('foo', scheme=scheme)
 self.assertEqual(pw1.needs_migration(), True)
 self.db.user.set(chef, password=pw1)
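Review bot: The comment above the loop still says the test assumes the best algorithm is the first entry, but the loop no longer slices `known_schemes` by position, so the comment now describes the old code. It could read `# every scheme listed in deprecated_schemes must be reported as needing migration`. The loop only asserts the positive case; unless it is covered outside this hunk, an assertion that a fresh `password.Password('foo', scheme='PBKDF2')` returns False from `needs_migration()` would pin the other side of the new membership test. The loop body continues past the end of the hunk.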
