Ticket #593 (closed enhancement: fixed)
[PATCH][TEST] Add ability to TG_User to automatically encrypt passwords in the DB
|Reported by:||plewis||Owned by:||anonymous|
As TG_User stands right now, if you enable password encryption, you must manually hash any passwords first before storing them. That is, you must do something like:
myUser.password = identity.current_provider.encrypt_password(pw)
This causes problems with Catwalk (which really can't do this step), and just normal usage could be a suprise, considering the user has specified an algorithm to use in their config.py.
The patch makes two simple modifications:
- automatically hashes the password with your chosen algorithm when setting a value to password
- provides a new (write-only) property password_raw if you really need to bypass the hash step.
THIS PATCH COULD REQUIRE USERS TO MODIFY THEIR CODE
If users aren't specifying a encryption algorithm in their config, there is no impact.
If they are using an encryption algorithm, they will need to modify their code to a) take out the step where they hash the password or b) assign their hashed value to 'password_raw' instead of 'password'.