Ticket #3604: hashlib.diff

File hashlib.diff, 2.7 KB (added by Rob Hudson <treborhudson@…>, 17 years ago)

  • django/contrib/auth/models.py

     
    55from django.utils.translation import gettext_lazy as _
    66import datetime
    77
     8def get_hexdigest(algorithm, plaintext):
     9    """
     10    Returns a string of the hexdigest of the given plaintext
     11    using the given algorithm.
     12    """
     13    try:
     14        # Python 2.5 has moved to using hashlib for hashing functions
     15        import hashlib
     16        if algorithm == 'md5':
     17            return hashlib.md5(plaintext).hexdigest()
     18        elif algorithm == 'sha1':
     19            return hashlib.sha1(plaintext).hexdigest()
     20        raise ValueError, "Got unknown password algorithm type in password."
     21       
     22    except ImportError:
     23        if algorithm == 'md5':
     24            import md5
     25            return md5.new(plaintext).hexdigest()
     26        elif algorithm == 'sha1':
     27            import sha
     28            return sha.new(plaintext).hexdigest()
     29        raise ValueError, "Got unknown password algorithm type in password."
     30
    831def check_password(raw_password, enc_password):
    932    """
    1033    Returns a boolean of whether the raw_password was correct. Handles
    1134    encryption formats behind the scenes.
    1235    """
    1336    algo, salt, hsh = enc_password.split('$')
    14     if algo == 'md5':
    15         import md5
    16         return hsh == md5.new(salt+raw_password).hexdigest()
    17     elif algo == 'sha1':
    18         import sha
    19         return hsh == sha.new(salt+raw_password).hexdigest()
    20     raise ValueError, "Got unknown password algorithm type in password."
     37    return (hsh == get_hexdigest(algo, salt+raw_password))
    2138
    2239class SiteProfileNotAvailable(Exception):
    2340    pass
     
    138155        return full_name.strip()
    139156
    140157    def set_password(self, raw_password):
    141         import sha, random
     158        import random
    142159        algo = 'sha1'
    143         salt = sha.new(str(random.random())).hexdigest()[:5]
    144         hsh = sha.new(salt+raw_password).hexdigest()
     160        salt = get_hexdigest(algo, str(random.random()))[:5]
     161        hsh = get_hexdigest(algo, salt+raw_password)
    145162        self.password = '%s$%s$%s' % (algo, salt, hsh)
    146163
    147164    def check_password(self, raw_password):
     
    152169        # Backwards-compatibility check. Older passwords won't include the
    153170        # algorithm or salt.
    154171        if '$' not in self.password:
    155             import md5
    156             is_correct = (self.password == md5.new(raw_password).hexdigest())
     172            is_correct = (self.password == get_hexdigest('md5', raw_password))
    157173            if is_correct:
    158174                # Convert the password to the new, more secure format.
    159175                self.set_password(raw_password)
Back to Top