kallithea Changeset - 73c99f45ef2a

Changeset - 73c99f45ef2a

Parent rev.

Child rev.

[Not reviewed]

beta

0 1 0

Marcin Kuzminski - 15 years ago 2010-11-24 03:38:48
marcin@python-works.com

fixed security issue when saving ldap user saved plaintext password

1 file changed with 3 insertions and 2 deletions:

rhodecode/model/user.py

0 comments (0 inline, 0 general)

rhodecode/model/user.py

➞

Show inline comments

@@ @@ -28,6 +28,7 @@ from rhodecode.model.caching_query impor @@
 from rhodecode.model.db import User
 from rhodecode.model.meta import Session
 from rhodecode.lib.exceptions import *
 import logging
 import traceback
@@ @@ -80,12 +81,12 @@ class UserModel(object): @@
         :param username:
         :param password:
         """
+        from rhodecode.lib.auth import get_crypt_password
         if self.get_by_username(username) is None:
             try:
                 new_user = User()
                 new_user.username = username
                 new_user.password = password
+                new_user.password = get_crypt_password(password)
                 new_user.email = '%s@ldap.server' % username
                 new_user.active = True
                 new_user.is_ldap = True

0 comments (0 inline, 0 general)