Changeset - 73c99f45ef2a
beta
0 1 0
Marcin Kuzminski - 15 years ago 2010-11-24 03:38:48
marcin@python-works.com
fixed security issue when saving ldap user saved plaintext password
1 file changed with 3 insertions and 2 deletions:
rhodecode/model/user.py
 
@@ -19,24 +19,25 @@
 
# MA  02110-1301, USA.
 
"""
 
Created on April 9, 2010
 
Model for users
 
:author: marcink
 
"""
 

	
 
from pylons.i18n.translation import _
 
from rhodecode.model.caching_query import FromCache
 
from rhodecode.model.db import User
 
from rhodecode.model.meta import Session
 
from rhodecode.lib.exceptions import *
 

	
 
import logging
 
import traceback
 

	
 
log = logging.getLogger(__name__)
 

	
 

	
 

	
 
class UserModel(object):
 

	
 
    def __init__(self):
 
        self.sa = Session()
 

	
 
@@ -71,30 +72,30 @@ class UserModel(object):
 
        except:
 
            log.error(traceback.format_exc())
 
            self.sa.rollback()
 
            raise
 

	
 
    def create_ldap(self, username, password):
 
        """
 
        Checks if user is in database, if not creates this user marked
 
        as ldap user
 
        :param username:
 
        :param password:
 
        """
 

	
 
        from rhodecode.lib.auth import get_crypt_password
 
        if self.get_by_username(username) is None:
 
            try:
 
                new_user = User()
 
                new_user.username = username
 
                new_user.password = password
 
                new_user.password = get_crypt_password(password)
 
                new_user.email = '%s@ldap.server' % username
 
                new_user.active = True
 
                new_user.is_ldap = True
 
                new_user.name = '%s@ldap' % username
 
                new_user.lastname = ''
 

	
 

	
 
                self.sa.add(new_user)
 
                self.sa.commit()
 
                return True
 
            except:
 
                log.error(traceback.format_exc())
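Review bot: In `create_ldap`, `new_user.password = get_crypt_password(password)` still keeps a local copy of the directory credential, and because this branch only runs when `get_by_username(username)` returns None, the stored hash is never refreshed after a later LDAP password change or account disable. If the local login path also accepts the database hash for `is_ldap` users (not visible on this page), an old password would keep working, so that path should be confirmed to reject them and the intent recorded next to the assignment, e.g. `# LDAP is the authority for is_ldap users; this hash must not be accepted for local login`. The strength of `get_crypt_password` cannot be judged from this page; it should be a salted, deliberately slow hash. Rows written before this fix presumably still hold plaintext and would need a one-off cleanup. The `except:` body of `create_ldap` continues past the end of the hunk.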