kallithea Changeset - b6a25169c005

Changeset - b6a25169c005

Parent rev.

Child rev.

[Not reviewed]

default

0 1 0

Marcin Kuzminski - 15 years ago 2010-08-19 21:38:08
marcin@python-works.com

fixes #25 removed crypt based password hashing and changed it into sha1 based.

1 file changed with 7 insertions and 6 deletions:

pylons_app/lib/auth.py

0 comments (0 inline, 0 general)

pylons_app/lib/auth.py

➞

Show inline comments

@@ @@ -21,37 +21,36 @@ @@
 Created on April 4, 2010
 @author: marcink
 """
 from beaker.cache import cache_region
 from pylons import config, session, url, request
 from pylons.controllers.util import abort, redirect
 from pylons_app.lib.utils import get_repo_slug
 from pylons_app.model import meta
 from pylons_app.model.db import User, RepoToPerm, Repository, Permission
 from sqlalchemy.exc import OperationalError
 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound
-import crypt
+import hashlib
 from decorator import decorator
 import logging
 log = logging.getLogger(__name__)
 def get_crypt_password(password):
     """
     Cryptographic function used for password hashing
     """Cryptographic function used for password hashing based on sha1
     @param password: password to hash
     """
     return crypt.crypt(password, '6a')
     hashed = hashlib.sha1(password).hexdigest()
     return hashed[3:] + hashed[:3]
 @cache_region('super_short_term', 'cached_user')
 def get_user_cached(username):
     sa = meta.Session
     try:
         user = sa.query(User).filter(User.username == username).one()
     finally:
         meta.Session.remove()
     return user
 def authfunc(environ, username, password):
     password_crypt = get_crypt_password(password)
@@ @@ -142,24 +141,26 @@ def fill_perms(user): @@
         .filter(RepoToPerm.user_id == sa.query(User).filter(User.username ==
                                             'default').one().user_id).all()
     if user.is_admin:
         user.permissions['global'].add('hg.admin')
         #admin have all rights set to admin
         for perm in default_perms:
             p = 'repository.admin'
             user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
     else:
         user.permissions['global'].add('repository.create')
         user.permissions['global'].add('hg.register')
         for perm in default_perms:
             if perm.Repository.private and not perm.Repository.user_id == user.user_id:
                 #disable defaults for private repos,
                 p = 'repository.none'
             elif perm.Repository.user_id == user.user_id:
                 #set admin if owner
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
             user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
@@ @@ -178,25 +179,25 @@ def fill_perms(user): @@
             user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
     meta.Session.remove()
     return user
 def get_user(session):
     """
     Gets user from session, and wraps permissions into user
     @param session:
     """
     user = session.get('hg_app_user', AuthUser())
     if user.is_authenticated:
         user = fill_data(user)
-        user = fill_perms(user)
     user = fill_perms(user)
     session['hg_app_user'] = user
     session.save()
     return user
 #===============================================================================
 # CHECK DECORATORS
 #===============================================================================
 class LoginRequired(object):
     """Must be logged in to execute this function else redirect to login page"""
     def __call__(self, func):
         return decorator(self.__wrapper, func)

0 comments (0 inline, 0 general)