Ticket #6858: legacy_auth.diff

File legacy_auth.diff, 2.9 KB (added by ubernostrum, 7 years ago)
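--- a/django/contrib/auth/backends.py
+++ b/django/contrib/auth/backends.py
@@ -1,4 +1,5 @@
 from django.db import connection
+from django.contrib.auth.models import get_hexdigest
 from django.contrib.auth.models import User
 
 try:
@@ -68,3 +69,34 @@
             return User.objects.get(pk=user_id)
         except User.DoesNotExist:
             return None
+
+
+class LegacyMD5ModelBackend(ModelBackend):
+    """
+    Backend which provides legacy support for very old Django
+    installations. Otherwise, identical to ``ModelBackend``.
+   
+    Originally, passwords were stored as unsalted MD5 hashes; this
+    backend can authenticate users whose passwords were stored in this
+    fashion, and will transparently change them to use salted SHA1
+    hashes instead.
+   
+    This primarily affects sites which have had active users since the
+    Django 0.90 release; sites which launched on Django 0.91 or later
+    will not need this, as the current salted-hash system was
+    introduced in SVN revision 1327, and Django 0.91 was packaged from
+    SVN revision 1908.
+   
+    """
+    def authenticate(self, username=None, password=None):
+        if password is None or '$' in password:
+            return None
+        try:
+            user = User.objects.get(username=username)
+            if user.password == get_hexdigest('md5', '', password):
+                # Legacy unsalted md5 password; convert to new format.
+                user.set_password(password)
+                user.save()
+                return user
+        except User.DoesNotExist:
+            return None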
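Review bot: The guard at the top of `LegacyMD5ModelBackend.authenticate` tests `'$' in password` against the submitted plaintext rather than the stored hash, so a legacy account whose password contains a `$` can never log in through this backend and its unsalted MD5 hash is never upgraded. The check belongs on the stored value: keep `if password is None: return None` at the top and, after the lookup, use `if '$' in user.password: return None` before the MD5 comparison. The docstring's "Otherwise, identical to ``ModelBackend``" is also misleading, because `authenticate` is overridden without calling the parent and so only matches unsalted-MD5 rows. It should say the backend has to be listed alongside `ModelBackend` and can be removed once no legacy hashes remain.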
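--- a/django/contrib/auth/models.py
+++ b/django/contrib/auth/models.py
@@ -51,6 +51,8 @@
     Returns a boolean of whether the raw_password was correct. Handles
     encryption formats behind the scenes.
     """
+    if '$' not in enc_password:
+        return False
     algo, salt, hsh = enc_password.split('$')
     return hsh == get_hexdigest(algo, salt, raw_password)
 
@@ -192,15 +194,6 @@
         Returns a boolean of whether the raw_password was correct. Handles
         encryption formats behind the scenes.
         """
-        # Backwards-compatibility check. Older passwords won't include the
-        # algorithm or salt.
-        if '$' not in self.password:
-            is_correct = (self.password == get_hexdigest('md5', '', raw_password))
-            if is_correct:
-                # Convert the password to the new, more secure format.
-                self.set_password(raw_password)
-                self.save()
-            return is_correct
         return check_password(raw_password, self.password)
 
     def set_unusable_password(self):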
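Review bot: The new guard in the module-level `check_password` only rejects stored values with no `$` at all; a value with one `$`, or more than two, still reaches `algo, salt, hsh = enc_password.split('$')` and raises ValueError on the unpacking instead of returning False. Replacing the test with `if enc_password.count('$') != 2:` covers every malformed shape in the same line. Separately, the second hunk removes the unsalted-MD5 fallback from the `check_password` method, so any caller that uses that method directly will now reject legacy hashes unless the site enables the new backend; that deserves a sentence in the method's docstring. Both functions begin above the visible hunks, so their signatures are not shown here.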