[IMP] auth_crypt: port encrypt-at-install from f29ff5e

also move utility methods to class bottom to improve reading experience
(hopefully)
Xavier Morel 2014-06-19 09:44:40 +02:00
parent 3b39e5f2cc
commit 82f10f4ca2
1 changed files with 38 additions and 25 deletions


@ -21,31 +21,17 @@ default_crypt_context = CryptContext(
class res_users(osv.osv):
_inherit = "res.users"
def _crypt_context(self, cr, uid, id, context=None):
""" Passlib CryptContext instance used to encrypt and verify
passwords. Can be overridden if technical, legal or political matters
require different kdfs than the provided default.
Requires a CryptContext as deprecation and upgrade notices are used
internally
"""
return default_crypt_context
def _store_encrypted_password(self, cr, uid, id, encrypted, context=None):
"""
:param uid: id of the current user
:param id: id of the user on which the password should be set
"""
cr.execute(
"UPDATE res_users SET password='', password_crypt=%s WHERE id=%s",
(encrypted, id))
def init(self, cr):
_logger.info("Hashing passwords, may be slow for databases with many users...")
cr.execute("SELECT id, password FROM res_users"
" WHERE password IS NOT NULL"
" AND password != ''")
for uid, pwd in cr.fetchall():
self._set_password(cr, openerp.SUPERUSER_ID, uid, pwd)
def set_pw(self, cr, uid, id, name, value, args, context):
if value:
encrypted = self._crypt_context(cr, uid, id, context=context)\
.encrypt(value)
self._store_encrypted_password(
cr, uid, id, encrypted, context=context)
self._set_password(cr, uid, id, value, context=context)
def get_pw( self, cr, uid, ids, name, args, context ):
cr.execute('select id, password from res_users where id in %s', (tuple(map(int, ids)),))
@ -63,8 +49,7 @@ class res_users(osv.osv):
if cr.rowcount:
stored, encrypted = cr.fetchone()
if stored and not encrypted:
encrypted = self._crypt_context(cr, uid, uid).encrypt(stored)
self._store_encrypted_password(cr, uid, uid, encrypted)
self._set_password(cr, uid, uid, stored)
try:
return super(res_users, self).check_credentials(cr, uid, password)
except openerp.exceptions.AccessDenied:
@ -72,11 +57,39 @@ class res_users(osv.osv):
valid_pass, replacement = self._crypt_context(cr, uid, uid)\
.verify_and_update(password, encrypted)
if replacement is not None:
self._store_encrypted_password(cr, uid, uid, replacement)
self._set_encrypted_password(cr, uid, uid, replacement)
if valid_pass:
return
raise
def _set_password(self, cr, uid, id, password, context=None):
""" Encrypts then stores the provided plaintext password for the user
``id``
"""
encrypted = self._crypt_context(cr, uid, id, context=context).encrypt(password)
self._set_encrypted_password(cr, uid, id, encrypted, context=context)
def _set_encrypted_password(self, cr, uid, id, encrypted, context=None):
""" Store the provided encrypted password to the database, and clears
any plaintext password
:param uid: id of the current user
:param id: id of the user on which the password should be set
"""
cr.execute(
"UPDATE res_users SET password='', password_crypt=%s WHERE id=%s",
(encrypted, id))
def _crypt_context(self, cr, uid, id, context=None):
""" Passlib CryptContext instance used to encrypt and verify
passwords. Can be overridden if technical, legal or political matters
require different kdfs than the provided default.
Requires a CryptContext as deprecation and upgrade notices are used
internally
"""
return default_crypt_context
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
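Review bot: In check_credentials, the migration branch now calls `self._set_password(cr, uid, uid, stored)` but no longer assigns the local `encrypted`, which the `except AccessDenied` path later passes to `verify_and_update(password, encrypted)`. Because `_set_encrypted_password` blanks the plaintext `password` column, the parent check presumably fails for such a user, and the fallback then sees the stale empty `encrypted`. The first login after migration would therefore likely be rejected even with the correct password; any guard around the fallback sits outside the visible hunks, so this should be confirmed against the full method. Keep the local in sync, e.g. `encrypted = self._crypt_context(cr, uid, uid).encrypt(stored)` followed by `self._set_encrypted_password(cr, uid, uid, encrypted)`, or have `_set_password` return the hash it stored.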