
Changeset 6318

Timestamp:
09/15/07 14:45:33 (10 months ago)
Author:
adrian
Message:

Fixed #3604 -- django.contrib.auth password checking now uses hashlib if it's available. Thanks, Rob Hudson

Files:

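--- a/django/trunk/django/contrib/auth/models.py
+++ b/django/trunk/django/contrib/auth/models.py
@@ -16,23 +16,41 @@
     from sets import Set as set   # Python 2.3 fallback
 
-def check_password(raw_password, enc_password):
-    """
-    Returns a boolean of whether the raw_password was correct. Handles
-    encryption formats behind the scenes.
-    """
-    algo, salt, hsh = enc_password.split('$')
-    if algo == 'md5':
-        import md5
-        return hsh == md5.new(smart_str(salt + raw_password)).hexdigest()
-    elif algo == 'sha1':
-        import sha
-        return hsh == sha.new(smart_str(salt + raw_password)).hexdigest()
-    elif algo == 'crypt':
+def get_hexdigest(algorithm, salt, raw_password):
+    """
+    Returns a string of the hexdigest of the given plaintext password and salt
+    using the given algorithm ('md5', 'sha1' or 'crypt').
+    """
+    raw_password, salt = smart_str(raw_password), smart_str(salt)
+    if algorithm == 'crypt':
         try:
             import crypt
         except ImportError:
-            raise ValueError, "Crypt password algorithm not supported in this environment."
-        return hsh == crypt.crypt(smart_str(raw_password), smart_str(salt))
-    raise ValueError, "Got unknown password algorithm type in password."
+            raise ValueError('"crypt" password algorithm not supported in this environment')
+        return crypt.crypt(raw_password, salt)
+    # The rest of the supported algorithms are supported by hashlib, but
+    # hashlib is only available in Python 2.5.
+    try:
+        import hashlib
+    except ImportError:
+        if algorithm == 'md5':
+            import md5
+            return md5.new(salt + raw_password).hexdigest()
+        elif algorithm == 'sha1':
+            import sha
+            return sha.new(salt + raw_password).hexdigest()
+    else:
+        if algorithm == 'md5':
+            return hashlib.md5(salt + raw_password).hexdigest()
+        elif algorithm == 'sha1':
+            return hashlib.sha1(salt + raw_password).hexdigest()
+    raise ValueError("Got unknown password algorithm type in password.")
+
+def check_password(raw_password, enc_password):
+    """
+    Returns a boolean of whether the raw_password was correct. Handles
+    encryption formats behind the scenes.
+    """
+    algo, salt, hsh = enc_password.split('$')
+    return hsh == get_hexdigest(algo, salt, raw_password)
 
 class SiteProfileNotAvailable(Exception):
@@ -163,8 +181,8 @@
 
     def set_password(self, raw_password):
-        import sha, random
+        import random
         algo = 'sha1'
-        salt = sha.new(str(random.random())).hexdigest()[:5]
-        hsh = sha.new(salt + smart_str(raw_password)).hexdigest(
+        salt = get_hexdigest(algo, str(random.random()), str(random.random()))[:5]
+        hsh = get_hexdigest(algo, salt, raw_password
         self.password = '%s$%s$%s' % (algo, salt, hsh)
 
@@ -177,6 +195,5 @@
         # algorithm or salt.
         if '$' not in self.password:
-            import md5
-            is_correct = (self.password == md5.new(smart_str(raw_password)).hexdigest())
+            is_correct = (self.password == get_hexdigest('md5', '', raw_password))
             if is_correct:
                 # Convert the password to the new, more secure format.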
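Review bot: The salt in `set_password` (new line 185) is still derived from `random.random()` and cut to five hex characters, so it carries at most 20 bits and comes from a generator that is not intended for security use; routing it through `get_hexdigest` does not change that. Where `os.urandom` is available, something like `salt = binascii.hexlify(os.urandom(8))` would give a longer, unpredictable salt, with the current expression kept as the fallback on older Pythons. `check_password` splits on `$`, so a longer salt should parse unchanged, but the width of the password column is not visible here and needs confirming. Separately, `check_password` and the legacy md5 branch compare digests with `==`, and both md5 and sha1 are a single fast pass, so a comment on `get_hexdigest` such as `# NOTE: single-pass md5/sha1 is kept for compatibility; an iterated scheme is preferable for new hashes` would record that limit for the next maintainer.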