mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-26 14:42:25 +00:00
Merge branch 'recrypt_password_on_login' into 'dev'
Produce newer hash upon login See merge request federez/re2o!249
This commit is contained in:
commit
f983a8c22a
2 changed files with 20 additions and 0 deletions
|
@ -35,6 +35,7 @@ import os
|
||||||
from base64 import encodestring, decodestring, b64encode, b64decode
|
from base64 import encodestring, decodestring, b64encode, b64decode
|
||||||
from collections import OrderedDict
|
from collections import OrderedDict
|
||||||
from django.contrib.auth import hashers
|
from django.contrib.auth import hashers
|
||||||
|
from django.contrib.auth.backends import ModelBackend
|
||||||
from hmac import compare_digest as constant_time_compare
|
from hmac import compare_digest as constant_time_compare
|
||||||
|
|
||||||
|
|
||||||
|
@ -226,3 +227,19 @@ class SSHAPasswordHasher(hashers.BasePasswordHasher):
|
||||||
As we are not using multiple iterations the method is pretty useless
|
As we are not using multiple iterations the method is pretty useless
|
||||||
"""
|
"""
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class RecryptBackend(ModelBackend):
|
||||||
|
def authenticate(self, username=None, password=None):
|
||||||
|
# we obtain from the classical auth backend the user
|
||||||
|
user = super(RecryptBackend, self).authenticate(username, password)
|
||||||
|
if user:
|
||||||
|
if not(user.pwd_ntlm):
|
||||||
|
# if we dont have NT hash, we create it
|
||||||
|
user.pwd_ntlm = hashNT(password)
|
||||||
|
user.save()
|
||||||
|
if not("SSHA" in user.password):
|
||||||
|
# if the hash is too old, we update it
|
||||||
|
user.password = makeSecret(password)
|
||||||
|
user.save()
|
||||||
|
return user
|
||||||
|
|
|
@ -96,6 +96,9 @@ MIDDLEWARE_CLASSES = (
|
||||||
'django.middleware.security.SecurityMiddleware',
|
'django.middleware.security.SecurityMiddleware',
|
||||||
'reversion.middleware.RevisionMiddleware',
|
'reversion.middleware.RevisionMiddleware',
|
||||||
)
|
)
|
||||||
|
|
||||||
|
AUTHENTICATION_BACKENDS = ['re2o.login.RecryptBackend']
|
||||||
|
|
||||||
# Include debug_toolbar middleware if activated
|
# Include debug_toolbar middleware if activated
|
||||||
if 'debug_toolbar' in INSTALLED_APPS:
|
if 'debug_toolbar' in INSTALLED_APPS:
|
||||||
# Include this middleware at the beggining
|
# Include this middleware at the beggining
|
||||||
|
|
Loading…
Reference in a new issue