Commit 382398a3 authored by Charlie Jacomme's avatar Charlie Jacomme Committed by chirac

Produce newer hash upon login

parent a55a6b30
...@@ -35,6 +35,7 @@ import os ...@@ -35,6 +35,7 @@ import os
from base64 import encodestring, decodestring, b64encode, b64decode from base64 import encodestring, decodestring, b64encode, b64decode
from collections import OrderedDict from collections import OrderedDict
from django.contrib.auth import hashers from django.contrib.auth import hashers
from django.contrib.auth.backends import ModelBackend
from hmac import compare_digest as constant_time_compare from hmac import compare_digest as constant_time_compare
...@@ -226,3 +227,19 @@ class SSHAPasswordHasher(hashers.BasePasswordHasher): ...@@ -226,3 +227,19 @@ class SSHAPasswordHasher(hashers.BasePasswordHasher):
As we are not using multiple iterations the method is pretty useless As we are not using multiple iterations the method is pretty useless
""" """
pass pass
class RecryptBackend(ModelBackend):
def authenticate(self, username=None, password=None):
# we obtain from the classical auth backend the user
user = super(RecryptBackend, self).authenticate(username, password)
if user:
if not(user.pwd_ntlm):
# if we dont have NT hash, we create it
user.pwd_ntlm = hashNT(password)
user.save()
if not("SSHA" in user.password):
# if the hash is too old, we update it
user.password = makeSecret(password)
user.save()
return user
...@@ -96,6 +96,9 @@ MIDDLEWARE_CLASSES = ( ...@@ -96,6 +96,9 @@ MIDDLEWARE_CLASSES = (
'django.middleware.security.SecurityMiddleware', 'django.middleware.security.SecurityMiddleware',
'reversion.middleware.RevisionMiddleware', 'reversion.middleware.RevisionMiddleware',
) )
AUTHENTICATION_BACKENDS = ['re2o.login.RecryptBackend']
# Include debug_toolbar middleware if activated # Include debug_toolbar middleware if activated
if 'debug_toolbar' in INSTALLED_APPS: if 'debug_toolbar' in INSTALLED_APPS:
# Include this middleware at the beggining # Include this middleware at the beggining
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment