[Erp5-report] r6344 - in /erp5/trunk/products: ERP5/Document/ ERP5Security/

nobody at svn.erp5.org nobody at svn.erp5.org
Wed Mar 29 23:46:22 CEST 2006


Author: jerome
Date: Wed Mar 29 23:46:19 2006
New Revision: 6344

URL: http://svn.erp5.org?rev=6344&view=rev
Log:
Encrypt passwords

Modified:
    erp5/trunk/products/ERP5/Document/Person.py
    erp5/trunk/products/ERP5Security/ERP5UserManager.py

Modified: erp5/trunk/products/ERP5/Document/Person.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/Document/Person.py?rev=6344&r1=6343&r2=6344&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/Document/Person.py (original)
+++ erp5/trunk/products/ERP5/Document/Person.py Wed Mar 29 23:46:19 2006
@@ -42,7 +42,10 @@
 except ImportError:
   PluggableAuthService = None
 
-
+try :
+  from AccessControl.AuthEncoding import pw_encrypt
+except ImportError:
+  pw_encrypt = lambda pw:pw
 
 class Person(Entity, Node, XMLObject):
     """
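Review bot: The `except ImportError` fallback `pw_encrypt = lambda pw:pw` fails open: if `AccessControl.AuthEncoding` cannot be imported, passwords are written to storage unhashed and nothing signals it. The same pattern appears in the ERP5UserManager.py import hunk, where `pw_validate` falls back to a plain `reference == attempt`. I would either drop the fallback so the import error surfaces, or log a warning at import time and add a comment such as `# WARNING: AuthEncoding unavailable, passwords are stored in clear text`. Which logger Person.py has in scope is not visible in this hunk, so that needs checking.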
@@ -178,6 +181,6 @@
         Set the password, only if the password is not empty.
       """
       if value is not None :
-        self._setPassword(value)
+        self._setPassword(pw_encrypt(value))
         self.reindexObject()
     
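Review bot: The guard `if value is not None :` lets an empty string through, so after this change `pw_encrypt('')` is stored as a valid hash of the empty password, although the docstring says the password is set only if it is not empty. Tightening the guard to `if value :` would match the documented behaviour; confirm first that no caller relies on passing `''` to clear a password. The docstring should also say that the stored value is the `pw_encrypt` output, not the clear text. The setter's `def` line is above the hunk, so its name and callers are not visible here.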

Modified: erp5/trunk/products/ERP5Security/ERP5UserManager.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Security/ERP5UserManager.py?rev=6344&r1=6343&r2=6344&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Security/ERP5UserManager.py (original)
+++ erp5/trunk/products/ERP5Security/ERP5UserManager.py Wed Mar 29 23:46:19 2006
@@ -27,6 +27,11 @@
 from Products.ERP5Type.Cache import CachingMethod
 
 from zLOG import LOG
+
+try :
+  from AccessControl.AuthEncoding import pw_validate
+except ImportError:
+  pw_validate = lambda reference, attempt: reference == attempt
 
 # This user is used to bypass all security checks.
 SUPER_USER = '__erp5security-=__'
@@ -85,7 +90,7 @@
 
             user = user_list[0]
 
-            if user.getPassword() == password and\
+            if pw_validate(user.getPassword(), password) and\
                 user.getCareerRole() == 'internal':
               return login, login # use same for user_id and login
 
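Review bot: `pw_validate(user.getPassword(), password)` is called without checking that a password is stored. The old `==` comparison returned false for a Person with no password, whereas `pw_validate` presumably inspects the reference for a scheme prefix and may raise on `None`. A guard such as `stored = user.getPassword()` followed by `if stored and pw_validate(stored, password) and\` keeps the no-password case a plain login failure. Passwords saved before this revision remain clear text and, as far as I can tell, keep working only through `pw_validate`'s un-prefixed comparison, so a one-off migration is worth planning. The enclosing method begins and ends outside the hunk.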



