rezometz/re2o
8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-22 11:23:10 +00:00
Code Issues Releases Wiki Activity

Vue de modification du mdp

Browse source
This commit is contained in:
chirac 2016-07-02 00:35:44 +02:00
parent 5d81cbdd15
commit 8343478aea
3 changed files with 42 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
re2o/login.py Normal file
View file

@ -0,0 +1,30 @@
# -*- coding: utf-8 -*-
# Module d'authentification
# David Sinquin, Gabriel Détraz, Goulven Kermarec
import hashlib, binascii
import os
from base64 import urlsafe_b64encode as encode
from base64 import urlsafe_b64decode as decode
def makeSecret(password):
salt = os.urandom(4)
h = hashlib.sha1(password.encode())
h.update(salt)
return "{SSHA}" + encode(h.digest() + salt).decode()
def hashNT(password):
hash = hashlib.new('md4', password.encode()).digest()
return binascii.hexlify(hash)
def checkPassword(challenge_password, password):
challenge_bytes = decode(challenge_password[6:])
digest = challenge_bytes[:20]
salt = challenge_bytes[20:]
hr = hashlib.sha1(password.encode())
hr.update(salt)
valid_password = True
# La comparaison est volontairement en temps constant (pour éviter les timing-attacks)
for i, j in zip(digest, hr.digest()):
valid_password &= i == j
return valid_password

3
users/forms.py
View file

@ -5,4 +5,5 @@ from django import forms
class PassForm(forms.Form): class PassForm(forms.Form):
passwd = forms.CharField(label=u'Nouveau mot de passe', max_length=255, widget=forms.PasswordInput) passwd1 = forms.CharField(label=u'Nouveau mot de passe', max_length=255, widget=forms.PasswordInput)
passwd2 = forms.CharField(label=u'Saisir à nouveau le mot de passe', max_length=255, widget=forms.PasswordInput)

12
users/views.py
View file

@ -10,6 +10,8 @@ from django.contrib import messages
from users.models import User, UserForm, InfoForm, PasswordForm, StateForm from users.models import User, UserForm, InfoForm, PasswordForm, StateForm
from users.forms import PassForm from users.forms import PassForm
from re2o.login import makeSecret, hashNT
def form(ctx, template, request): def form(ctx, template, request):
c = ctx c = ctx
c.update(csrf(request)) c.update(csrf(request))
@ -55,7 +57,13 @@ def password(request, userid):
return redirect("/users/") return redirect("/users/")
user_form = PassForm(request.POST or None) user_form = PassForm(request.POST or None)
if user_form.is_valid(): if user_form.is_valid():
user.pwd_ssha = user_form.cleaned_data['passwd'] if user_form.cleaned_data['passwd1'] != user_form.cleaned_data['passwd2']:
user.pwd_ntlm = user_form.cleaned_data['passwd'] messages.error(request, u"Les 2 mots de passe différent" )
return form({'userform': user_form}, 'users/user.html', request)
user.pwd_ssha = makeSecret(user_form.cleaned_data['passwd1'])
user.pwd_ntlm = hashNT(user_form.cleaned_data['passwd1'])
user.save() user.save()
return form({'userform': user_form}, 'users/user.html', request) return form({'userform': user_form}, 'users/user.html', request)
def index(request):
return render(request, 'users/index.html')