[Erp5-report] r6344 - in /erp5/trunk/products: ERP5/Document/ ERP5Security/
nobody at svn.erp5.org
nobody at svn.erp5.org
Wed Mar 29 23:46:22 CEST 2006
Author: jerome
Date: Wed Mar 29 23:46:19 2006
New Revision: 6344
URL: http://svn.erp5.org?rev=6344&view=rev
Log:
Encrypt passwords
Modified:
erp5/trunk/products/ERP5/Document/Person.py
erp5/trunk/products/ERP5Security/ERP5UserManager.py
Modified: erp5/trunk/products/ERP5/Document/Person.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/Document/Person.py?rev=6344&r1=6343&r2=6344&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/Document/Person.py (original)
+++ erp5/trunk/products/ERP5/Document/Person.py Wed Mar 29 23:46:19 2006
@@ -42,7 +42,10 @@
except ImportError:
PluggableAuthService = None
-
+try :
+ from AccessControl.AuthEncoding import pw_encrypt
+except ImportError:
+ pw_encrypt = lambda pw:pw
class Person(Entity, Node, XMLObject):
"""
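Review bot: The fallback `pw_encrypt = lambda pw:pw` in the `except ImportError` branch fails open: if AccessControl.AuthEncoding cannot be imported, setPassword stores the password unchanged and nothing signals that hashing is disabled. The same pattern appears in ERP5UserManager.py, where `pw_validate = lambda reference, attempt: reference == attempt` quietly reverts to a plain string comparison. I would drop the try/except and keep only `from AccessControl.AuthEncoding import pw_encrypt`, so a missing module is a visible startup error rather than silent cleartext storage. If the fallback must stay for older installs, log a warning in the except branch and add a comment such as `# WARNING: no AuthEncoding available, passwords are stored unhashed`.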
@@ -178,6 +181,6 @@
Set the password, only if the password is not empty.
"""
if value is not None :
- self._setPassword(value)
+ self._setPassword(pw_encrypt(value))
self.reindexObject()
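Review bot: The guard `if value is not None :` does not match the docstring just above it ("only if the password is not empty"), so an empty string passes the check and is now hashed and stored like any other credential. Testing truthiness instead, `if value :`, would make the code do what the docstring says. Separately, if any caller passes a value that is already encoded (an import or synchronisation path, for instance; none is visible here), it would be hashed a second time and the account could no longer log in. Checking `AuthEncoding.is_encrypted(value)` before calling `pw_encrypt` would avoid that. The method's signature and the start of its docstring are outside this hunk.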
Modified: erp5/trunk/products/ERP5Security/ERP5UserManager.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Security/ERP5UserManager.py?rev=6344&r1=6343&r2=6344&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Security/ERP5UserManager.py (original)
+++ erp5/trunk/products/ERP5Security/ERP5UserManager.py Wed Mar 29 23:46:19 2006
@@ -27,6 +27,11 @@
from Products.ERP5Type.Cache import CachingMethod
from zLOG import LOG
+
+try :
+ from AccessControl.AuthEncoding import pw_validate
+except ImportError:
+ pw_validate = lambda reference, attempt: reference == attempt
# This user is used to bypass all security checks.
SUPER_USER = '__erp5security-=__'
@@ -85,7 +90,7 @@
user = user_list[0]
- if user.getPassword() == password and\
+ if pw_validate(user.getPassword(), password) and\
user.getCareerRole() == 'internal':
return login, login # use same for user_id and login
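Review bot: `user.getPassword()` is passed straight to `pw_validate`, with no check that a password is actually set on the Person. The old `==` comparison simply evaluated to False for a None value, whereas `pw_validate` presumably inspects the reference for a scheme prefix and may raise on None instead of rejecting the login cleanly. An empty stored password would also still compare equal to an empty attempt. I would read the value once and require it to be non-empty: `stored = user.getPassword()` followed by `if stored and pw_validate(stored, password) and\`. Accounts created before this revision keep their cleartext value until the password is set again, so a one-off migration or forced reset is worth planning. The enclosing method begins and ends outside this hunk.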