src/rhodecode: pylons_app/lib/auth.py comparison

comparison pylons_app/lib/auth.py @ 448:b6a25169c005

fixes #25 removed crypt based password hashing and changed it into sha1 based.

author	Marcin Kuzminski <marcin@python-works.com>
date	Thu, 19 Aug 2010 21:38:08 +0200
parents	a10bdd0b05a7
children	04e8b31fb245

comparison

equal deleted inserted replaced

-:9b67cebe6609
+:b6a25169c005
 from pylons_app.lib.utils import get_repo_slug
 from pylons_app.model import meta
 from pylons_app.model.db import User, RepoToPerm, Repository, Permission
 from sqlalchemy.exc import OperationalError
 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound
-import crypt
+import hashlib
 from decorator import decorator
 import logging
 log = logging.getLogger(__name__)
 def get_crypt_password(password):
-"""
+"""Cryptographic function used for password hashing based on sha1
-Cryptographic function used for password hashing
 @param password: password to hash
 """
-return crypt.crypt(password, '6a')
+hashed = hashlib.sha1(password).hexdigest()
+return hashed[3:] + hashed[:3]
 @cache_region('super_short_term', 'cached_user')
 def get_user_cached(username):
 sa = meta.Session
 try:
 p = 'repository.admin'
 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
 else:
 user.permissions['global'].add('repository.create')
+user.permissions['global'].add('hg.register')
 for perm in default_perms:
 if perm.Repository.private and not perm.Repository.user_id == user.user_id:
 #disable defaults for private repos,
 p = 'repository.none'
 elif perm.Repository.user_id == user.user_id:
 @param session:
 """
 user = session.get('hg_app_user', AuthUser())
 if user.is_authenticated:
 user = fill_data(user)
 user = fill_perms(user)
 session['hg_app_user'] = user
 session.save()
 return user
 #===============================================================================

Mercurial > public > src > rhodecode

comparison pylons_app/lib/auth.py @ 448:b6a25169c005