
Ticket #593 (closed enhancement: fixed)

Opened 12 years ago

Last modified 10 years ago

[PATCH][TEST] Add ability to TG_User to automatically encrypt passwords in the DB

Reported by: plewis Owned by: anonymous
Priority: normal Milestone: 0.9a1
Component: Identity Version:
Severity: normal Keywords:
Cc:

Description

As TG_User stands right now, if you enable password encryption, you must manually hash any passwords first before storing them. That is, you must do something like:

myUser.password = identity.current_provider.encrypt_password(pw)

This causes problems with Catwalk (which really can't do this step), and just normal usage could be a surprise, considering the user has specified an algorithm to use in their config.py.

The patch makes two simple modifications:

  1. automatically hashes the password with your chosen algorithm when setting a value to password
  2. provides a new (write-only) property password_raw if you really need to bypass the hash step.

THIS PATCH COULD REQUIRE USERS TO MODIFY THEIR CODE

If users aren't specifying an encryption algorithm in their config, there is no impact.

If they are using an encryption algorithm, they will need to modify their code to a) take out the step where they hash the password or b) assign their hashed value to 'password_raw' instead of 'password'.

Attachments

patch_and_tests.diff Download (5.4 KB) - added by plewis 12 years ago.
patch_test_v2.diff Download (5.4 KB) - added by plewis 12 years ago.
uses a method instead of a property to save the raw password

Change History


comment:1 Changed 12 years ago by plewis

After I submitted this, I think that the password_raw property is probably not as good as a simple method, as the property isn't readable. I think I was being a little too cute for my own good. I would probably want to replace this with set_password_raw(self, password).

The v2 of the patch makes this change.
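The behaviour described in the ticket and in comment:1, as an added sketch that is not the patch or TurboGears code: the `User` class, its `check` method and `demo` are hypothetical, and `sha256` stands in for whatever algorithm the application's config names. It shows why callers that still pre-hash must drop that step or move to `set_password_raw`: a pre-hashed value assigned to `password` is hashed a second time and no longer verifies.

```python
import hashlib
import hmac


class User:
    """Hypothetical model (not TG_User) that hashes on assignment to .password."""

    def __init__(self, algorithm="sha256"):
        # algorithm=None models a config with no hashing algorithm set.
        self.algorithm = algorithm
        self._password = None

    def _hash(self, cleartext):
        if self.algorithm is None:
            return cleartext
        return hashlib.new(self.algorithm, cleartext.encode("utf-8")).hexdigest()

    @property
    def password(self):
        return self._password

    @password.setter
    def password(self, cleartext):
        self._password = self._hash(cleartext)  # always hashes what it is given

    def set_password_raw(self, stored_value):
        self._password = stored_value  # bypass: value is stored unchanged

    def check(self, cleartext):
        return hmac.compare_digest(self._password, self._hash(cleartext))


def demo(pw="s3cret"):  # constructed sample password
    current = User()
    current.password = pw  # new-style caller assigns cleartext
    legacy = User()
    legacy.password = legacy._hash(pw)  # old caller still pre-hashes: hashed twice
    migrated = User()
    migrated.set_password_raw(migrated._hash(pw))  # option (b) from the ticket
    plain = User(algorithm=None)
    plain.password = pw  # no algorithm configured: stored as given
    return {"current": current.check(pw), "double_hashed": legacy.check(pw),
            "migrated": migrated.check(pw), "no_algorithm": plain.password}


if __name__ == "__main__":
    print(demo())
```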

comment:2 Changed 11 years ago by kevin

  • Milestone set to 0.9a1

comment:3 Changed 11 years ago by kevin

  • Status changed from new to closed
  • Resolution set to fixed

Committed in [815]. Thanks!
