diff pylons_app/lib/auth.py @ 451:04e8b31fb245
Changed password crypting scheme to bcrypt, added dependency for setup
author | Marcin Kuzminski <marcin@python-works.com> |
date | Fri, 20 Aug 2010 10:59:18 +0200 |
parents | b6a25169c005 |
children | 3ed2d46a2ca7 |
--- a/pylons_app/lib/auth.py Thu Aug 19 23:42:40 2010 +0200
+++ b/pylons_app/lib/auth.py Fri Aug 20 10:59:18 2010 +0200
@@ -30,7 +30,7 @@
 from pylons_app.model.db import User, RepoToPerm, Repository, Permission
 from sqlalchemy.exc import OperationalError
 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound
-import hashlib
+import bcrypt
 from decorator import decorator
 import logging
@@ -39,9 +39,11 @@
 def get_crypt_password(password):
 """Cryptographic function used for password hashing based on sha1
 @param password: password to hash
- """
- hashed = hashlib.sha1(password).hexdigest()
- return hashed[3:] + hashed[:3]
+ """
+ return bcrypt.hashpw(password, bcrypt.gensalt(10))
+
+def check_password(password, hashed):
+ return bcrypt.hashpw(password, hashed) == hashed
 @cache_region('super_short_term', 'cached_user')
 def get_user_cached(username):
@@ -53,7 +55,6 @@
 return user
 def authfunc(environ, username, password):
- password_crypt = get_crypt_password(password)
 try:
 user = get_user_cached(username)
 except (NoResultFound, MultipleResultsFound, OperationalError) as e:
@@ -62,7 +63,7 @@
 if user:
 if user.active:
- if user.username == username and user.password == password_crypt:
+ if user.username == username and check_password(password, user.password):
 log.info('user %s authenticated correctly', username)
 return True
 else:
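Review bot: The docstring of get_crypt_password in the second hunk still says the hash is "based on sha1" although the body now calls bcrypt.hashpw, and the new check_password has no docstring at all. Suggested replacements: `"""Hash a password with bcrypt using a fresh salt (work factor 10)."""` for get_crypt_password and `"""Return True if password matches the stored bcrypt hash ``hashed``."""` for check_password. The work factor is also a bare literal in `bcrypt.gensalt(10)`; a module-level constant would make it visible and easier to raise later. Separately, `bcrypt.hashpw(password, hashed) == hashed` compares the two strings with ordinary `==`; where the interpreter provides a constant-time comparison such as hmac.compare_digest, prefer it for this check.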
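Review bot: In the last hunk check_password is applied to whatever user.password holds, but accounts created before this commit store the rotated sha1 hex digest produced by the old get_crypt_password, which is not a valid bcrypt salt; bcrypt.hashpw presumably raises ValueError on such input rather than returning a non-matching string, so for those users authfunc would end in an unhandled exception instead of a denied login. The commit ships no migration of stored hashes and no handling around the call. A minimal guard in check_password (second hunk) would be `try: return bcrypt.hashpw(password, hashed) == hashed` / `except ValueError: return False`, ideally with a logged warning so legacy accounts can be identified and re-hashed. authfunc's body continues outside the hunk.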