
Replaces deprecated hasher with new django 1.4 hasher

This way we can even use the new hasher configuration
django 1.4 provides.

Signed-off-by: Nils Hasenbanck <nils@hasenbanck.de>
commit 3af6d0dbfdf0ce76c6792f0a7b1a2e71ad49e05b 1 parent e2bef07
Nils Hasenbanck arbaal authored

Showing 1 changed file with 4 additions and 18 deletions. Show diff stats Hide diff stats

  1. +4 18 mongoengine/django/auth.py
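--- a/mongoengine/django/auth.py
+++ b/mongoengine/django/auth.py
@@ -1,23 +1,14 @@
 from mongoengine import *
 
-from django.utils.hashcompat import md5_constructor, sha_constructor
 from django.utils.encoding import smart_str
 from django.contrib.auth.models import AnonymousUser
+from django.contrib.auth.hashers import check_password, make_password
 from django.utils.translation import ugettext_lazy as _
 
 import datetime
 
 REDIRECT_FIELD_NAME = 'next'
 
-def get_hexdigest(algorithm, salt, raw_password):
- raw_password, salt = smart_str(raw_password), smart_str(salt)
- if algorithm == 'md5':
- return md5_constructor(salt + raw_password).hexdigest()
- elif algorithm == 'sha1':
- return sha_constructor(salt + raw_password).hexdigest()
- raise ValueError('Got unknown password algorithm type in password')
-
-
 class User(Document):
 """A User document that aims to mirror most of the API specified by Django
 at http://docs.djangoproject.com/en/dev/topics/auth/#users
@@ -34,7 +25,7 @@ class User(Document):
 email = EmailField(verbose_name=_('e-mail address'))
 password = StringField(max_length=128,
 verbose_name=_('password'),
- help_text=_("Use '[algo]$[salt]$[hexdigest]' or use the <a href=\"password/\">change password form</a>."))
+ help_text=_("Use '[algo]$[iterations]$[salt]$[hexdigest]' or use the <a href=\"password/\">change password form</a>."))
 is_staff = BooleanField(default=False,
 verbose_name=_('staff status'),
 help_text=_("Designates whether the user can log into this admin site."))
@@ -75,11 +66,7 @@ def set_password(self, raw_password):
 assigning to :attr:`~mongoengine.django.auth.User.password` as the
 password is hashed before storage.
 """
- from random import random
- algo = 'sha1'
- salt = get_hexdigest(algo, str(random()), str(random()))[:5]
- hash = get_hexdigest(algo, salt, raw_password)
- self.password = '%s$%s$%s' % (algo, salt, hash)
+ self.password = make_password(raw_password)
 self.save()
 return self
 
@@ -89,8 +76,7 @@ def check_password(self, raw_password):
 :attr:`~mongoengine.django.auth.User.password` as the password is
 hashed before storage.
 """
- algo, salt, hash = self.password.split('$')
- return hash == get_hexdigest(algo, salt, raw_password)
+ return check_password(raw_password, self.password)
 
 @classmethod
 def create_user(cls, username, password, email=None):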
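Review bot: The rewritten `check_password` method in the last hunk calls Django's `check_password(raw_password, self.password)` without a `setter`, so hashes written by the removed `set_password` code (one round of salted SHA-1 with a 5-character salt taken from `random()`) are never re-hashed with the preferred algorithm; they presumably keep verifying only while the SHA-1 hasher stays listed in `PASSWORD_HASHERS`. Passing the existing method as the setter, `return check_password(raw_password, self.password, self.set_password)`, would upgrade a legacy hash on the next successful login, since `set_password` already saves the document. The method's `def` line and the start of its docstring are outside the hunk. A short comment such as `# calls django.contrib.auth.hashers.check_password, not this method` would also help, because the imported function and the method share a name.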
