diff options
| author | Rodney Ewing <ewing.rj@gmail.com> | 2013-05-14 17:14:48 -0700 |
|---|---|---|
| committer | Rodney Ewing <ewing.rj@gmail.com> | 2013-05-24 16:52:48 -0700 |
| commit | d54cf48a33d16619f94fa3873f88392b4c77a23e (patch) | |
| tree | be586d92ab1ed11f8d8d98693d895c4841b6c49f | |
| parent | 744f1c83b9c94a82612c981ec56782f3db457357 (diff) | |
| download | mediagoblin-d54cf48a33d16619f94fa3873f88392b4c77a23e.tar.lz mediagoblin-d54cf48a33d16619f94fa3873f88392b4c77a23e.tar.xz mediagoblin-d54cf48a33d16619f94fa3873f88392b4c77a23e.zip | |
moved bcrypt_check_password to basic_auth/tools from auth/lib
| -rw-r--r-- | mediagoblin/auth/__init__.py | 4 | ||||
| -rw-r--r-- | mediagoblin/auth/lib.py | 32 | ||||
| -rw-r--r-- | mediagoblin/auth/views.py | 2 | ||||
| -rw-r--r-- | mediagoblin/db/mixin.py | 5 | ||||
| -rw-r--r-- | mediagoblin/edit/views.py | 1 | ||||
| -rw-r--r-- | mediagoblin/plugins/basic_auth/__init__.py | 5 |
6 files changed, 9 insertions, 40 deletions
diff --git a/mediagoblin/auth/__init__.py b/mediagoblin/auth/__init__.py index 2460c048..abb18d2d 100644 --- a/mediagoblin/auth/__init__.py +++ b/mediagoblin/auth/__init__.py @@ -16,8 +16,8 @@ from mediagoblin.tools.pluginapi import hook_handle -def check_login(user, login_form): - return hook_handle("auth_check_login", user, login_form) +def check_login(user, password): + return hook_handle("auth_check_login", user, password) def get_user(*args): diff --git a/mediagoblin/auth/lib.py b/mediagoblin/auth/lib.py index 6ce23f5b..1a9416fc 100644 --- a/mediagoblin/auth/lib.py +++ b/mediagoblin/auth/lib.py @@ -23,38 +23,6 @@ from mediagoblin.tools.template import render_template from mediagoblin import mg_globals -def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None): - """ - Check to see if this password matches. - - Args: - - raw_pass: user submitted password to check for authenticity. - - stored_hash: The hash of the raw password (and possibly extra - salt) to check against - - extra_salt: (optional) If this password is with stored with a - non-database extra salt (probably in the config file) for extra - security, factor this into the check. - - Returns: - True or False depending on success. - """ - if extra_salt: - raw_pass = u"%s:%s" % (extra_salt, raw_pass) - - hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash) - - # Reduce risk of timing attacks by hashing again with a random - # number (thx to zooko on this advice, which I hopefully - # incorporated right.) - # - # See also: - rand_salt = bcrypt.gensalt(5) - randplus_stored_hash = bcrypt.hashpw(stored_hash, rand_salt) - randplus_hashed_pass = bcrypt.hashpw(hashed_pass, rand_salt) - - return randplus_stored_hash == randplus_hashed_pass - - def bcrypt_gen_password_hash(raw_pass, extra_salt=None): """ Generate a salt for this new password. diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py index 811bb157..b13efebc 100644 --- a/mediagoblin/auth/views.py +++ b/mediagoblin/auth/views.py @@ -105,7 +105,7 @@ def login(request): if login_form.validate(): user = auth.get_user(login_form) - if user and auth.check_login(user, login_form): + if user and auth.check_login(user, login_form.password.data): # set up login in session request.session['user_id'] = unicode(user.id) request.session.save() diff --git a/mediagoblin/db/mixin.py b/mediagoblin/db/mixin.py index e7f66fa1..2f41292b 100644 --- a/mediagoblin/db/mixin.py +++ b/mediagoblin/db/mixin.py @@ -34,7 +34,7 @@ import datetime from werkzeug.utils import cached_property from mediagoblin import mg_globals -from mediagoblin.auth import lib as auth_lib +from mediagoblin import auth from mediagoblin.media_types import get_media_managers, FileTypeNotSupported from mediagoblin.tools import common, licenses from mediagoblin.tools.text import cleaned_markdown_conversion @@ -46,8 +46,7 @@ class UserMixin(object): """ See if a user can login with this password """ - return auth_lib.bcrypt_check_password( - password, self.pw_hash) + return auth.check_login(self, password) @property def bio_html(self): diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 508c380d..ad3cbaca 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -23,6 +23,7 @@ from mediagoblin import messages from mediagoblin import mg_globals from mediagoblin.auth import lib as auth_lib +from mediagoblin import auth from mediagoblin.edit import forms from mediagoblin.edit.lib import may_edit_media from mediagoblin.decorators import (require_active_login, active_user_from_url, diff --git a/mediagoblin/plugins/basic_auth/__init__.py b/mediagoblin/plugins/basic_auth/__init__.py index a3539738..68e331ff 100644 --- a/mediagoblin/plugins/basic_auth/__init__.py +++ b/mediagoblin/plugins/basic_auth/__init__.py @@ -17,6 +17,7 @@ import os import uuid import forms as auth_forms +import tools as auth_tools from mediagoblin.auth import lib as auth_lib from mediagoblin.db.models import User from mediagoblin.tools.translate import pass_to_ugettext as _ @@ -28,8 +29,8 @@ def setup_plugin(): config = pluginapi.get_config('mediagoblin.pluginapi.basic_auth') -def check_login(user, login_form): - return user.check_login(login_form.password.data) +def check_login(user, password): + return auth_tools.bcrypt_check_password(password, user.pw_hash) def get_user(login_form): |