Switch to passlib for password hashing and verification
The 'salt' column can now be removed at some point too.
This commit is contained in:
		
							parent
							
								
									30636fcfcf
								
							
						
					
					
						commit
						4af93ac405
					
				
					 2 changed files with 8 additions and 18 deletions
				
			
		|  | @ -26,13 +26,15 @@ Authentication & Authorization | |||
| 
 | ||||
| from __future__ import unicode_literals, absolute_import | ||||
| 
 | ||||
| import bcrypt | ||||
| import six | ||||
| from passlib.context import CryptContext | ||||
| from sqlalchemy.orm.exc import NoResultFound | ||||
| 
 | ||||
| from rattail.db import model | ||||
| 
 | ||||
| 
 | ||||
| password_context = CryptContext(schemes=['bcrypt']) | ||||
| 
 | ||||
| 
 | ||||
| def authenticate_user(session, userobj, password): | ||||
|     """ | ||||
|     Attempt to authenticate a user. | ||||
|  | @ -53,28 +55,15 @@ def authenticate_user(session, userobj, password): | |||
|         except NoResultFound: | ||||
|             user = None | ||||
|     if user and user.active and user.password is not None: | ||||
|         # apparently bcrypt's hashpw() doesn't like Unicode | ||||
|         if isinstance(password, six.text_type): | ||||
|             password = password.encode('utf_8') | ||||
|         salt = user.salt.encode('utf_8') | ||||
|         try: | ||||
|             authenticated = (bcrypt.hashpw(password, salt) == user.password) | ||||
|         except UnicodeEncodeError: | ||||
|             authenticated = False | ||||
|         if authenticated: | ||||
|         if password_context.verify(password, user.password): | ||||
|             return user | ||||
|     return None | ||||
| 
 | ||||
| 
 | ||||
| def set_user_password(user, password): | ||||
|     """ | ||||
|     Set a user's password. | ||||
|     """ | ||||
|     # apparently bcrypt's hashpw() doesn't like Unicode | ||||
|     if isinstance(password, six.text_type): | ||||
|         password = password.encode('utf_8') | ||||
|     user.salt = bcrypt.gensalt() | ||||
|     user.password = bcrypt.hashpw(password, user.salt) | ||||
|     user.password = password_context.hash(password) | ||||
| 
 | ||||
| 
 | ||||
| def special_role(session, uuid, name): | ||||
|  |  | |||
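Review bot: The new `password_context.verify(password, user.password)` call in authenticate_user has no error handling, whereas the bcrypt comparison it replaces was wrapped in try/except; passlib raises ValueError when the stored hash cannot be identified by any configured scheme (an empty string, or a value not written as a bcrypt hash — the surviving `user.password is not None` check only excludes NULL), so such a row now makes the login path raise instead of failing authentication. Catching that case and treating it as a failed verification keeps the previous behaviour of returning None; authenticate_user begins outside the hunk. Separately, set_user_password no longer assigns `user.salt`, so that column goes stale for any user whose password is re-set after this commit; a one-line comment there, `# the salt is embedded in the passlib hash; the 'salt' column is no longer written`, would record what the commit message only hints at.
```python
    if user and user.active and user.password is not None:
        try:
            verified = password_context.verify(password, user.password)
        except ValueError:
            # stored hash not recognised by any configured scheme
            verified = False
        if verified:
            return user
    return None
```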
									
										3
									
								
								setup.py
									
										
									
									
									
								
							|  | @ -162,7 +162,8 @@ else: | |||
|     extras['auth'] = [ | ||||
|         # | ||||
|         # package                       # low                   high | ||||
|              | ||||
| 
 | ||||
|         'passlib',                      # 1.7.1 | ||||
|         'py-bcrypt',                    # 0.2 | ||||
|         ] | ||||
| 
 | ||||
|  |  | |||
	 Lance Edgar
						Lance Edgar