vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add unicode password support

Browse source
This commit is contained in:
Joseph Schorr 2014-09-18 17:36:26 -04:00
parent f93dd63e81
commit 6b05b55225
2 changed files with 12 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
data/model/legacy.py
View file

@ -86,6 +86,9 @@ class TooManyLoginAttemptsException(Exception):
super(TooManyLoginAttemptsException, self).__init__(message) super(TooManyLoginAttemptsException, self).__init__(message)
self.retry_after = retry_after self.retry_after = retry_after
def hash_password(password, salt=None):
salt = salt or bcrypt.gensalt()
return bcrypt.hashpw(password.encode('utf-8'), salt)
def is_create_user_allowed(): def is_create_user_allowed():
return True return True
@ -101,7 +104,7 @@ def create_user(username, password, email):
created = _create_user(username, email) created = _create_user(username, email)
# Store the password hash # Store the password hash
pw_hash = bcrypt.hashpw(password, bcrypt.gensalt()) pw_hash = hash_password(password)
created.password_hash = pw_hash created.password_hash = pw_hash
created.save() created.save()
@ -613,10 +616,7 @@ def verify_user(username_or_email, password):
retry_after = can_retry_at - now retry_after = can_retry_at - now
raise TooManyLoginAttemptsException('Too many login attempts.', retry_after.total_seconds()) raise TooManyLoginAttemptsException('Too many login attempts.', retry_after.total_seconds())
if (fetched.password_hash and if (fetched.password_hash and hash_password(password, fetched.password_hash) == fetched.password_hash):
bcrypt.hashpw(password, fetched.password_hash) ==
fetched.password_hash):
if fetched.invalid_login_attempts > 0: if fetched.invalid_login_attempts > 0:
fetched.invalid_login_attempts = 0 fetched.invalid_login_attempts = 0
fetched.save() fetched.save()
@ -811,7 +811,7 @@ def change_password(user, new_password):
if not validate_password(new_password): if not validate_password(new_password):
raise InvalidPasswordException(INVALID_PASSWORD_MESSAGE) raise InvalidPasswordException(INVALID_PASSWORD_MESSAGE)
pw_hash = bcrypt.hashpw(new_password, bcrypt.gensalt()) pw_hash = hash_password(new_password)
user.password_hash = pw_hash user.password_hash = pw_hash
user.save() user.save()

6
test/test_api_usage.py
View file

@ -339,6 +339,12 @@ class TestChangeUserDetails(ApiTestCase):
data=dict(password='newpasswordiscool')) data=dict(password='newpasswordiscool'))
self.login(READ_ACCESS_USER, password='newpasswordiscool') self.login(READ_ACCESS_USER, password='newpasswordiscool')
def test_changepassword_unicode(self):
self.login(READ_ACCESS_USER)
self.putJsonResponse(User,
data=dict(password='someunicode北京市pass'))
self.login(READ_ACCESS_USER, password='someunicode北京市pass')
def test_changeeemail(self): def test_changeeemail(self):
self.login(READ_ACCESS_USER) self.login(READ_ACCESS_USER)