Ticket #4151: password.diff

File password.diff, 1.7 KB (added by Nick Efford <nick@…>, 17 years ago)

diff for django.contrib.auth.models adding support for stronger hashes

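--- a/models.py
+++ b/models.py
@@ -17,6 +17,15 @@
     elif algo == 'sha1':
         import sha
         return hsh == sha.new(salt+raw_password).hexdigest()
+    elif algo in ('sha224', 'sha256', 'sha384'):
+        # Note: sha512 could be supported by making password
+        # field of User model longer than 128 chars
+        try:
+            import hashlib
+        except ImportError:
+            # Python version is presumably earlier than 2.5
+            raise ValueError, "%s not supported in this environment." % algo
+        return hsh == hashlib.new(algo, salt+raw_password).hexdigest()
     elif algo == 'crypt':
         try:
             import crypt
@@ -149,10 +158,19 @@
         return full_name.strip()
 
     def set_password(self, raw_password):
-        import sha, random
-        algo = 'sha1'
-        salt = sha.new(str(random.random())).hexdigest()[:5]
-        hsh = sha.new(salt+raw_password).hexdigest()
+        import random
+        try:
+            import hashlib
+            algo = 'sha256'
+            salt = hashlib.new(algo, str(random.random())).hexdigest()[:5]
+            hsh = hashlib.new(algo, salt+raw_password).hexdigest()
+        except ImportError:
+            # Python version presumably earlier than 2.5,
+            # so fall back on using SHA1 hash
+            import sha
+            algo = 'sha1'
+            salt = sha.new(str(random.random())).hexdigest()[:5]
+            hsh = sha.new(salt+raw_password).hexdigest()
         self.password = '%s$%s$%s' % (algo, salt, hsh)
 
     def check_password(self, raw_password):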
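Review bot: In `set_password` the salt is still five hex characters derived from `random.random()`, so it carries at most 20 bits from a non-cryptographic generator, and replacing SHA-1 with a single SHA-256 pass does little to slow offline guessing against a leaked table because both are fast hashes. Draw the salt from the OS CSPRNG instead, e.g. `import os, binascii` and `salt = binascii.hexlify(os.urandom(8))`, and consider iterating the hash so that each guess costs more. The salt and digest lines are duplicated in both branches of the `try`; selecting only the hash constructor inside the `try` would keep that logic in one place. The new `elif` branch in the first hunk sits in a function whose start and end are outside the hunk, and its `hsh == ...` comparison is not constant-time.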