Old passwords are hashed and updated in the database automatically upon login
@@ -33,6 +33,8 @@ from sqlalchemy.orm import ( | |||||
from zope.sqlalchemy import ZopeTransactionExtension | from zope.sqlalchemy import ZopeTransactionExtension | ||||
from jm2l.const import CurrentYear | from jm2l.const import CurrentYear | ||||
from passlib.hash import argon2 | |||||
DBSession = scoped_session(sessionmaker(extension=ZopeTransactionExtension())) | DBSession = scoped_session(sessionmaker(extension=ZopeTransactionExtension())) | ||||
Base = declarative_base() | Base = declarative_base() | ||||
@@ -247,7 +249,11 @@ class User(Base): | |||||
return MediaPath().get_thumb('users', self.uid) | return MediaPath().get_thumb('users', self.uid) | ||||
def verify_password(self, password): | def verify_password(self, password): | ||||
return self.password == password | |||||
if not argon2.identify(self.password): # Update existing clear-text password | |||||
self.password = argon2.using(rounds=4).hash(self.password) | |||||
DBSession.merge(self) | |||||
return argon2.verify(password, self.password) | |||||
class TiersOpt(Base): | class TiersOpt(Base): | ||||
__tablename__ = 'tiers_opt' | __tablename__ = 'tiers_opt' | ||||
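Review bot: The upgrade on the `if not argon2.identify(self.password)` branch only runs when a user actually logs in, so every dormant account keeps its clear-text password in the table indefinitely; a one-off migration that walks the `User` rows and hashes every value `argon2.identify()` rejects should accompany this change so a database dump no longer exposes them. On the same branch, a NULL/`None` stored password is not handled (passlib rejects non-string input to `identify()`/`hash()`), and any value stored under a different hash format would be double-hashed and lock the account out; a guard such as `if not self.password: return False` before the `identify()` call covers the first case and is worth a comment for the second. `argon2.using(rounds=4)` sets only the time cost and leaves memory_cost/parallelism at passlib's defaults, and the same call is repeated in the `Modal` hunk (L25-L33); define a single module-level handler, e.g. `PASSWORD_HASHER = argon2.using(rounds=4)`, or a `User.set_password(raw)` method, so the work factor is tuned in one place and both call sites stay in sync. Note also that `DBSession.merge(self)` now issues a write from what callers treat as a read-only check, and it fires on failed attempts too; that is acceptable for a one-time migration but deserves a comment on the branch.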
@@ -33,6 +33,8 @@ import shutil | |||||
import glob | import glob | ||||
from jm2l.const import CurrentYear | from jm2l.const import CurrentYear | ||||
from passlib.hash import argon2 | |||||
## =-=- Here, We keep some usefull function -=-= | ## =-=- Here, We keep some usefull function -=-= | ||||
def remove_accents(input_str): | def remove_accents(input_str): | ||||
""" This function is intended to remove all accent from input unicode string """ | """ This function is intended to remove all accent from input unicode string """ | ||||
@@ -1155,7 +1157,7 @@ def Modal(request): | |||||
response = render_to_response('jm2l:templates/modals_js.mako', | response = render_to_response('jm2l:templates/modals_js.mako', | ||||
{'modtype':modtype}, | {'modtype':modtype}, | ||||
request=request) | request=request) | ||||
request.user.password = form.password.data | |||||
request.user.password = argon2.using(rounds=4).hash(form.password.data) | |||||
DBSession.merge(request.user) | DBSession.merge(request.user) | ||||
response.content_type = 'text/javascript' | response.content_type = 'text/javascript' | ||||
return response | return response | ||||
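Review bot: `argon2.using(rounds=4).hash(form.password.data)` hashes whatever the form carries, and hashing an empty string succeeds, so an empty submission would silently install a valid-looking hash of `""` unless the form's validators enforce a minimum length, which is not visible in this hunk; reject an empty or too-short `form.password.data` before the `hash()` call, e.g. `if not form.password.data: return response` with an error set on the form. `Modal` starts outside the hunk, so the surrounding validation could not be checked here.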
@@ -32,7 +32,9 @@ requires = [ | |||||
'pyramid_mailer', | 'pyramid_mailer', | ||||
'apscheduler', | 'apscheduler', | ||||
'qrcode', | 'qrcode', | ||||
'reportlab' | |||||
'reportlab', | |||||
'passlib', | |||||
'argon2_cffi' | |||||
] | ] | ||||
setup(name='JM2L', | setup(name='JM2L', | ||||
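Review bot: `'argon2_cffi'` on the new last line repeats the missing-trailing-comma pattern this hunk just fixed on `'reportlab'`; the next dependency appended below it would be implicitly concatenated into a single bogus requirement name and silently never installed. Write `'argon2_cffi',` so the list stays append-safe. The two new entries are unpinned like the rest of the list; a lower bound on `passlib` would make the argon2 variant produced by the default handler reproducible across installs.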