8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-06 01:46:27 +00:00

Merge branch 'recrypt_password_on_login' into 'dev'

Produce newer hash upon login

See merge request federez/re2o!249
This commit is contained in:
chirac 2018-08-12 19:12:31 +02:00
commit f983a8c22a
2 changed files with 20 additions and 0 deletions

View file

@ -35,6 +35,7 @@ import os
from base64 import encodestring, decodestring, b64encode, b64decode from base64 import encodestring, decodestring, b64encode, b64decode
from collections import OrderedDict from collections import OrderedDict
from django.contrib.auth import hashers from django.contrib.auth import hashers
from django.contrib.auth.backends import ModelBackend
from hmac import compare_digest as constant_time_compare from hmac import compare_digest as constant_time_compare
@ -226,3 +227,19 @@ class SSHAPasswordHasher(hashers.BasePasswordHasher):
As we are not using multiple iterations the method is pretty useless As we are not using multiple iterations the method is pretty useless
""" """
pass pass
class RecryptBackend(ModelBackend):
def authenticate(self, username=None, password=None):
# we obtain from the classical auth backend the user
user = super(RecryptBackend, self).authenticate(username, password)
if user:
if not(user.pwd_ntlm):
# if we dont have NT hash, we create it
user.pwd_ntlm = hashNT(password)
user.save()
if not("SSHA" in user.password):
# if the hash is too old, we update it
user.password = makeSecret(password)
user.save()
return user

View file

@ -96,6 +96,9 @@ MIDDLEWARE_CLASSES = (
'django.middleware.security.SecurityMiddleware', 'django.middleware.security.SecurityMiddleware',
'reversion.middleware.RevisionMiddleware', 'reversion.middleware.RevisionMiddleware',
) )
AUTHENTICATION_BACKENDS = ['re2o.login.RecryptBackend']
# Include debug_toolbar middleware if activated # Include debug_toolbar middleware if activated
if 'debug_toolbar' in INSTALLED_APPS: if 'debug_toolbar' in INSTALLED_APPS:
# Include this middleware at the beggining # Include this middleware at the beggining