Merge c6871c5 into c67969e

kakwa · Jun 18, 2016 · a1c8dbf · a1c8dbf
2 parents c67969e + c6871c5
commit a1c8dbf
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 2 deletions.
diff --git a/conf/attributes.yml b/conf/attributes.yml
@@ -118,6 +118,7 @@ password:
     weight: 31
     self: True
     type: password
+#    hash: ldap_sha512_crypt
     backends:
         ldap: userPassword
 #        ad: unicodePwd

diff --git a/ldapcherry/__init__.py b/ldapcherry/__init__.py
@@ -31,6 +31,9 @@
 from mako import lookup
 from sets import Set
 
+# passlib hash password module import
+from passlib.context import CryptContext
+
 SESSION_KEY = '_cp_username'
 
 
@@ -596,7 +599,12 @@ def _adduser(self, params):
                     raise PasswordMissMatch()
                 if not self._checkppolicy(params['attrs'][pwd1])['match']:
                     raise PPolicyError()
-                params['attrs'][attr] = params['attrs'][pwd1]
+                hash_type = self.attributes.attributes[attr].get('hash')
+                if hash_type:
+                    ctx = CryptContext(schemes=[hash_type])
+                    params['attrs'][attr] = ctx.encrypt(params['attrs'][pwd1])
+                else:
+                    params['attrs'][attr] = params['attrs'][pwd1]
             if attr in params['attrs']:
                 self.attributes.check_attr(attr, params['attrs'][attr])
                 backends = self.attributes.get_backends_attributes(attr)
@@ -653,7 +661,12 @@ def _modify_attrs(self, params, attr_list, username):
                                 params['attrs'][pwd1]
                                 )['match']:
                         raise PPolicyError()
-                    params['attrs'][attr] = params['attrs'][pwd1]
+                    hash_type = self.attributes.attributes[attr].get('hash')
+                    if hash_type:
+                        ctx = CryptContext(schemes=[hash_type])
+                        params['attrs'][attr] = ctx.encrypt(params['attrs'][pwd1])
+                    else:
+                        params['attrs'][attr] = params['attrs'][pwd1]
             if attr in params['attrs'] and params['attrs'][attr] != '':
                 self.attributes.check_attr(attr, params['attrs'][attr])
                 backends = self.attributes.get_backends_attributes(attr)

diff --git a/requirements.txt b/requirements.txt
@@ -2,3 +2,4 @@ CherryPy>=3.0.0
 PyYAML
 Mako
 python-ldap
+passlib
diff --git a/setup.py b/setup.py
@@ -22,6 +22,7 @@
     install_requires = [
         'CherryPy >= 3.0.0',
         'python-ldap',
+        'passlib',
         'PyYAML',
         'Mako'
         ],