Ticket #5787: django-bcrypt.diff

File django-bcrypt.diff, 6.7 KB (added by ekarulf, 8 years ago)

First revision of django-bcrypt patch

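--- a/django/conf/global_settings.py
+++ b/django/conf/global_settings.py
@@ -333,6 +333,15 @@
 
 LOGIN_REDIRECT_URL = '/accounts/profile/'
 
+# The preferred hash algorithm for storing passwords
+# Acceptable values are 'crypt', 'md5', 'sha1', and 'bcrypt'
+# NOTE : 'crypt' and 'md5' are provided only for legacy integration
+PREFERRED_HASH = 'sha1'
+
+# The number of rounds determines the complexity of the bcrypt alg.
+# The work factor is 2**log_rounds, and the default is 12
+BCRYPT_LOG_ROUNDS = 12
+
 ###########
 # TESTING #
 ###########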
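--- a/django/contrib/auth/models.py
+++ b/django/contrib/auth/models.py
@@ -46,13 +46,49 @@
             return hashlib.sha1(salt + raw_password).hexdigest()
     raise ValueError("Got unknown password algorithm type in password.")
 
+def hash_password(raw_password, enc_password):
+    """
+    Returns a formatted hash of the user's password.
+    """
+    if enc_password in ('crypt', 'md5', 'sha1', 'bcrypt'):
+        validating = False
+        algo = enc_password
+        algo_args = ''
+        hsh = ''
+    else:
+        validating = True
+        if enc_password[0] == '$':
+            algo, algo_args, hsh = enc_password[1:].split('$')
+        else:
+            algo, algo_args, hsh = enc_password.split('$')
+    if algo == 'bcrypt' or algo == '2' or algo == '2a':
+        try:
+            import bcrypt
+            if validating:
+                # If we are validating, use the hash in the provided password
+                salt = enc_password
+            else:
+                # If we are generating a new hash, we need to generate a salt
+                from django.conf import settings
+                salt = bcrypt.gensalt(settings.BCRYPT_LOG_ROUNDS)
+            return bcrypt.hashpw(raw_password, salt)
+        except ImportError:
+            raise ValueError('"bcrypt" password algorithm not supported in this environment')
+    else:
+        if validating:
+            salt = algo_args
+        else:
+            import random
+            salt = get_hexdigest(algo, str(random.random()), str(random.random()))[:5]
+        hsh = get_hexdigest(algo, salt, raw_password)
+        return '%s$%s$%s' % (algo, salt, hsh)
+
 def check_password(raw_password, enc_password):
     """
     Returns a boolean of whether the raw_password was correct. Handles
     encryption formats behind the scenes.
     """
-    algo, salt, hsh = enc_password.split('$')
-    return hsh == get_hexdigest(algo, salt, raw_password)
+    return enc_password == hash_password(raw_password, enc_password)
 
 class SiteProfileNotAvailable(Exception):
     pass
@@ -181,11 +217,13 @@
         return full_name.strip()
 
     def set_password(self, raw_password):
-        import random
-        algo = 'sha1'
-        salt = get_hexdigest(algo, str(random.random()), str(random.random()))[:5]
-        hsh = get_hexdigest(algo, salt, raw_password)
-        self.password = '%s$%s$%s' % (algo, salt, hsh)
+        """
+        Sets the users's password hash to a hash of raw_password. Handles
+        encryption formats behind the scenes.
+        """
+        from django.conf import settings
+        algo = settings.PREFERRED_HASH
+        self.password = hash_password(raw_password, algo)
 
     def check_password(self, raw_password):
         """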
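Review bot: In `hash_password` the `try` around the bcrypt branch covers `from django.conf import settings` and the salt/`hashpw` calls as well as `import bcrypt`, so any ImportError raised in that span is reported as `"bcrypt" password algorithm not supported in this environment`; narrow it to `try: import bcrypt` / `except ImportError: raise ValueError(...)` and run the rest of the branch after the `try`. Because one parameter carries both an algorithm name and an encoded hash, a misconfigured `PREFERRED_HASH` outside the four accepted names (a constructed example: `'sha256'`) reaches `set_password` and fails at `enc_password.split('$')` with a tuple-unpacking ValueError rather than a clear message, so `set_password` should check the setting against the accepted names before calling `hash_password`. Module-level `check_password` also now raises IndexError for an empty stored password at `enc_password[0]`, where the old `split('$')` raised ValueError. The `==` on the rebuilt hash in `check_password` short-circuits on the first differing character and is not a constant-time comparison; worth a comment such as `# NOTE: plain == is not constant-time; prefer a constant-time compare where available`. The legacy salt `str(random.random())` carried over from `set_password` still comes from a non-cryptographic PRNG and deserves a `# TODO: derive the salt from os.urandom` marker.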
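--- a/docs/settings.txt
+++ b/docs/settings.txt
@@ -225,6 +225,16 @@
 ``CommonMiddleware`` is installed (see the `middleware docs`_). See also
 ``PREPEND_WWW``.
 
+BCRYPT_LOG_ROUNDS
+-------------
+
+**New in Django development version**
+
+Default: ``12``
+
+The number of rounds determines the complexity of the ``bcrypt`` password
+hashing algorithm. The work factor is 2**BCRYPT_LOG_ROUNDS.
+
 CACHE_BACKEND
 -------------
 
@@ -678,6 +688,27 @@
 See `allowed date format strings`_. See also ``DATE_FORMAT``,
 ``DATETIME_FORMAT``, ``TIME_FORMAT`` and ``YEAR_MONTH_FORMAT``.
 
+PREFERRED_HASH
+----------
+
+**New in Django development version**
+
+Default: ``'sha1'``
+
+The default hash to use when saving new passwords. The hashtype is either
+``sha1`` (default), ``md5``, ``crypt`` or ``bcrypt`` -- the algorithm used to
+perform a one-way hash of the password.
+
+Note that the ``crypt`` method is only supported on platforms that have the
+standard Python ``crypt`` module available, and ``crypt`` support is only
+available in the Django development version. Likewise the ``bcrypt`` algorithm
+is supported only on platforms that have the standard Python ``bcrypt`` module
+available, and like ``crypt`` it is only supported in the development version.
+
+**Important Note** : ``md5`` and ``crypt`` are both deprecated algorithms that
+are maintained for legacy integration. New applications are recommended to use
+stronger algorithms like ``sha1`` (default) or ``bcrypt``.
+
 PREPEND_WWW
 -----------
 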
     
    678688See `allowed date format strings`_. See also ``DATE_FORMAT``,
    679689``DATETIME_FORMAT``, ``TIME_FORMAT`` and ``YEAR_MONTH_FORMAT``.
    680690
     691PREFERRED_HASH
     692----------
     693
     694**New in Django development version**
     695
     696Default: ``'sha1'``
     697
     698The default hash to use when saving new passwords. The hashtype is either
     699``sha1`` (default), ``md5``, ``crypt`` or ``bcrypt`` -- the algorithm used to
     700perform a one-way hash of the password.
     701
     702Note that the ``crypt`` method is only supported on platforms that have the
     703standard Python ``crypt`` module available, and ``crypt`` support is only
     704available in the Django development version. Likewise the ``bcrypt`` algorithm
     705is supported only on platforms that have the standard Python ``bcrypt`` module
     706available, and like ``crypt`` it is only supported in the development version.
     707
     708**Important Note** : ``md5`` and ``crypt`` are both deprecated algorithms that
     709are maintained for legacy integration. New applications are recommended to use
     710stronger algorithms like ``sha1`` (default) or ``bcrypt``.
     711
    681712PREPEND_WWW
    682713-----------
    683714
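--- a/docs/authentication.txt
+++ b/docs/authentication.txt
@@ -218,13 +218,20 @@
 
 That's hashtype, salt and hash, separated by the dollar-sign character.
 
-Hashtype is either ``sha1`` (default), ``md5`` or ``crypt`` -- the algorithm
-used to perform a one-way hash of the password. Salt is a random string used
-to salt the raw password to create the hash. Note that the ``crypt`` method is
-only supported on platforms that have the standard Python ``crypt`` module
-available, and ``crypt`` support is only available in the Django development
-version.
+Hashtype is either ``sha1`` (default), ``md5``, ``crypt`` or ``bcrypt`` -- the
+algorithm used to perform a one-way hash of the password. Salt is a random
+string used to salt the raw password to create the hash. Note that the ``crypt``
+method is only supported on platforms that have the standard Python ``crypt``
+module available, and ``crypt`` support is only available in the Django
+development version. Likewise the ``bcrypt`` algorithm is supported only on
+platforms that have the standard Python ``bcrypt`` module available, and like
+``crypt`` it is only supported in the development version.
 
+You may change the default hash algorithm by changing the PREFERRED_HASH
+setting. Please note that ``md5`` and ``crypt`` are both deprecated algorithms
+that are maintained for legacy integration. New applications are recommended to
+use stronger algorithms like ``sha1`` (default) or ``bcrypt``.
+
 For example::
 
     sha1$a1976$a36cc8cbf81742a8fb52e221aaeab48ed7f58ab4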