django 1.3 compatibility with dynamic hashers from 1.4 #16
Conversation
|
Hey @fwenzel can you take a look at this? |
| @@ -63,7 +65,7 @@ def check_password(self, raw_password): | |||
| Supports automatic upgrading to stronger hashes. | |||
| """ | |||
| hashed_with = self.password.split('$', 1)[0] | |||
| if hashed_with in ['bcrypt', 'hh']: | |||
| if hashed_with in ['bcrypt', 'hh'] or hashed_with in get_dynamic_hasher_names(settings.HMAC_KEYS): | |||
|
Sure, working on that now. |
|
@fwenzel : Corrected the pep8 issues and added a test. While doing the tests, I stumbled on a couple weird issues :
I think everything is all right now, but a second pair of eyes would be nice. |
| } | ||
|
|
||
| u = User.objects.get(username="john") | ||
| django14_style_password = prefix + raw_hashes['john'] + suffix |
There was a problem hiding this comment.
Chaining of "+" to concatenate text is frowned upon in Python. You want ''.join((my, tuple)).
There was a problem hiding this comment.
or '%s%s%s' % (my, other, tuple) of course ;)
|
Good job, this looks good! Will you squash your commits into a single commit? ( |
…KEYS order in 1.4
|
Done ! The string concatenation is gone, all tests are passing and I rebased everything in one commit. |
|
You, sir, are a scholar and a gentleman. Thank you! |
django 1.3 compatibility with dynamic hashers from 1.4
If a project uses django_sha2 + django 1.4 + dynamic hashers generation as suggested in the README, and then goes back to 1.3, checking the password of any user whose password was "upgraded" to the new-style hashers fails.
If I understand the code correctly, this is because the hashers used for 1.4 support have different prefixes, one for each entry in HMAC_KEYS, which wasn't the case before. In check_password() monkeypatch, there is a check to see if django_sha2 should use its own bcrypt_auth.check_password() code but it only checks if the hasher is "bcrypt" or "hh", so it fails if any dynamic hasher was used.
This pull request makes the check_password() monkeypatch also check if the hasher is in the dynamic hashers list. I haven't included tests yet because I'm not sure this is the right solution at the moment and I'd prefer having feedback on the patch before working on some tests.