[IMP] auth_crypt: port encrypt-at-install from f29ff5e
also move utility methods to class bottom to improve reading experience (hopefully)
parent
3b39e5f2cc
commit
82f10f4ca2
|
@ -21,31 +21,17 @@ default_crypt_context = CryptContext(
|
|||
class res_users(osv.osv):
|
||||
_inherit = "res.users"
|
||||
|
||||
def _crypt_context(self, cr, uid, id, context=None):
|
||||
""" Passlib CryptContext instance used to encrypt and verify
|
||||
passwords. Can be overridden if technical, legal or political matters
|
||||
require different kdfs than the provided default.
|
||||
|
||||
Requires a CryptContext as deprecation and upgrade notices are used
|
||||
internally
|
||||
"""
|
||||
return default_crypt_context
|
||||
|
||||
def _store_encrypted_password(self, cr, uid, id, encrypted, context=None):
|
||||
"""
|
||||
:param uid: id of the current user
|
||||
:param id: id of the user on which the password should be set
|
||||
"""
|
||||
cr.execute(
|
||||
"UPDATE res_users SET password='', password_crypt=%s WHERE id=%s",
|
||||
(encrypted, id))
|
||||
def init(self, cr):
|
||||
_logger.info("Hashing passwords, may be slow for databases with many users...")
|
||||
cr.execute("SELECT id, password FROM res_users"
|
||||
" WHERE password IS NOT NULL"
|
||||
" AND password != ''")
|
||||
for uid, pwd in cr.fetchall():
|
||||
self._set_password(cr, openerp.SUPERUSER_ID, uid, pwd)
|
||||
|
||||
def set_pw(self, cr, uid, id, name, value, args, context):
|
||||
if value:
|
||||
encrypted = self._crypt_context(cr, uid, id, context=context)\
|
||||
.encrypt(value)
|
||||
self._store_encrypted_password(
|
||||
cr, uid, id, encrypted, context=context)
|
||||
self._set_password(cr, uid, id, value, context=context)
|
||||
|
||||
def get_pw( self, cr, uid, ids, name, args, context ):
|
||||
cr.execute('select id, password from res_users where id in %s', (tuple(map(int, ids)),))
|
||||
|
@ -63,8 +49,7 @@ class res_users(osv.osv):
|
|||
if cr.rowcount:
|
||||
stored, encrypted = cr.fetchone()
|
||||
if stored and not encrypted:
|
||||
encrypted = self._crypt_context(cr, uid, uid).encrypt(stored)
|
||||
self._store_encrypted_password(cr, uid, uid, encrypted)
|
||||
self._set_password(cr, uid, uid, stored)
|
||||
try:
|
||||
return super(res_users, self).check_credentials(cr, uid, password)
|
||||
except openerp.exceptions.AccessDenied:
|
||||
|
@ -72,11 +57,39 @@ class res_users(osv.osv):
|
|||
valid_pass, replacement = self._crypt_context(cr, uid, uid)\
|
||||
.verify_and_update(password, encrypted)
|
||||
if replacement is not None:
|
||||
self._store_encrypted_password(cr, uid, uid, replacement)
|
||||
self._set_encrypted_password(cr, uid, uid, replacement)
|
||||
if valid_pass:
|
||||
return
|
||||
|
||||
raise
|
||||
|
||||
def _set_password(self, cr, uid, id, password, context=None):
|
||||
""" Encrypts then stores the provided plaintext password for the user
|
||||
``id``
|
||||
"""
|
||||
encrypted = self._crypt_context(cr, uid, id, context=context).encrypt(password)
|
||||
self._set_encrypted_password(cr, uid, id, encrypted, context=context)
|
||||
|
||||
def _set_encrypted_password(self, cr, uid, id, encrypted, context=None):
|
||||
""" Store the provided encrypted password to the database, and clears
|
||||
any plaintext password
|
||||
|
||||
:param uid: id of the current user
|
||||
:param id: id of the user on which the password should be set
|
||||
"""
|
||||
cr.execute(
|
||||
"UPDATE res_users SET password='', password_crypt=%s WHERE id=%s",
|
||||
(encrypted, id))
|
||||
|
||||
def _crypt_context(self, cr, uid, id, context=None):
|
||||
""" Passlib CryptContext instance used to encrypt and verify
|
||||
passwords. Can be overridden if technical, legal or political matters
|
||||
require different kdfs than the provided default.
|
||||
|
||||
Requires a CryptContext as deprecation and upgrade notices are used
|
||||
internally
|
||||
"""
|
||||
return default_crypt_context
|
||||
|
||||
|
||||
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||
|
|
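Review bot: The new `init` has no docstring, and its loop reuses the name `uid` for the id of the user being migrated, while the docstring of `_set_encrypted_password` in this same change reserves `uid` for the current user and `id` for the target. Renaming the loop to `for user_id, pwd in cr.fetchall():` and passing `user_id` as the third argument of `_set_password` would keep that convention readable. A docstring such as `""" Hash any plaintext passwords still stored in res_users.password when the module is installed """` would say why the method exists. Since `_set_encrypted_password` only blanks the column with an UPDATE, the docstring could also note that plaintext copies in earlier database dumps are presumably unaffected and need separate handling.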