diff MoinMoin/user.py @ 5239:90fae67c4cda
Fix SHA -> SSHA password hash upgrade for old user profiles (more details below).
If a user has a plaintext password that contains some non-ascii character and
his user profile was still an old profile (using a SHA hash), then moin failed
with a UnicodeError while trying to upgrade the user profile to SSHA.
As moin does this when the user logs in, the user could not log in.
Added some comment / docstring improvements to related code.
author | Thomas Waldmann <tw AT waldmann-edv DOT de> |
---|---|
date | Wed, 28 Oct 2009 19:17:36 +0100 |
parents | eb377776ca34 |
children | 852a5dbe3ef5 7252009186c0 |
--- a/MoinMoin/user.py Sun Oct 11 13:37:19 2009 +0200 +++ b/MoinMoin/user.py Wed Oct 28 19:17:36 2009 +0100 @@ -499,7 +499,7 @@ This is a private method and should not be used by clients. @param data: dict with user data (from storage) - @param password: password to verify + @param password: password to verify [unicode] @rtype: 2 tuple (bool, bool) @return: password is valid, enc_password changed """ @@ -513,19 +513,17 @@ if not password: return False, False - password = password.encode('utf-8') - if epwd[:5] == '{SHA}': - enc = '{SHA}' + base64.encodestring(hash_new('sha1', password).digest()).rstrip() + enc = '{SHA}' + base64.encodestring(hash_new('sha1', password.encode('utf-8')).digest()).rstrip() if epwd == enc: - data['enc_password'] = encodePassword(password) + data['enc_password'] = encodePassword(password) # upgrade to SSHA return True, True return False, False if epwd[:6] == '{SSHA}': data = base64.decodestring(epwd[6:]) salt = data[20:] - hash = hash_new('sha1', password) + hash = hash_new('sha1', password.encode('utf-8')) hash.update(salt) return hash.digest() == data[:20], False
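Review bot: the `[unicode]` tag added to `@param password` in the docstring (hunk at -499,7) names the expected type but not what happens with a byte string. Since the body calls `password.encode('utf-8')`, the docstring should say that callers must pass unicode and decode any byte string before calling, so the contract is explicit rather than implied by a bracketed tag.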
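Review bot: `password.encode('utf-8')` is now repeated in the `{SHA}` and `{SSHA}` branches (hunk at -513,19) and nothing checks that `password` really is unicode. On Python 2 a non-ASCII byte string reaching either call is implicitly decoded as ASCII first and raises UnicodeDecodeError, the same kind of login failure this change fixes. Encode once into a separate local (for example `pw_utf8`, a name used here only for illustration) right after the `if not password` check, and keep `password` itself unicode for `encodePassword(password)`. Separately, in the `{SSHA}` branch `data = base64.decodestring(epwd[6:])` rebinds the user-data dict parameter, and `hash.digest() == data[:20]` is an ordinary comparison rather than a constant-time one; a distinct name for the decoded bytes would make that branch easier to read.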