Merge branch 'fix/hash-password' of piernov/jm2l into master
+7
-1
@@ -33,6 +33,8 @@ from sqlalchemy.orm import (
|
|||||||
from zope.sqlalchemy import ZopeTransactionExtension
|
from zope.sqlalchemy import ZopeTransactionExtension
|
||||||
from jm2l.const import CurrentYear
|
from jm2l.const import CurrentYear
|
||||||
|
|
||||||
|
from passlib.hash import argon2
|
||||||
|
|
||||||
DBSession = scoped_session(sessionmaker(extension=ZopeTransactionExtension()))
|
DBSession = scoped_session(sessionmaker(extension=ZopeTransactionExtension()))
|
||||||
Base = declarative_base()
|
Base = declarative_base()
|
||||||
|
|
||||||
@@ -247,7 +249,11 @@ class User(Base):
|
|||||||
return MediaPath().get_thumb('users', self.uid)
|
return MediaPath().get_thumb('users', self.uid)
|
||||||
|
|
||||||
def verify_password(self, password):
|
def verify_password(self, password):
|
||||||
return self.password == password
|
if not argon2.identify(self.password): # Update existing clear-text password
|
||||||
|
self.password = argon2.using(rounds=4).hash(self.password)
|
||||||
|
DBSession.merge(self)
|
||||||
|
|
||||||
|
return argon2.verify(password, self.password)
|
||||||
|
|
||||||
class TiersOpt(Base):
|
class TiersOpt(Base):
|
||||||
__tablename__ = 'tiers_opt'
|
__tablename__ = 'tiers_opt'
|
||||||
|
|||||||
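Review bot: The clear-text upgrade in `verify_password` runs only when a user next attempts to log in, so any account that never does keeps a clear-text value in the password column; a one-off migration that hashes every row for which `argon2.identify` is false would close that window. The upgrade branch also hashes whatever is stored without checking it: an empty stored value becomes a valid hash of the empty string, and a NULL would reach passlib as a non-string, if the column allows either. A guard such as `if not self.password: return False` before the `identify` call would cover both cases. I would also extend the inline comment to `# Lazy migration: stored value is not an argon2 hash, so treat it as legacy clear text and hash it in place`. The enclosing `User` class begins outside the hunk.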
+3
-1
@@ -33,6 +33,8 @@ import shutil
|
|||||||
import glob
|
import glob
|
||||||
from jm2l.const import CurrentYear
|
from jm2l.const import CurrentYear
|
||||||
|
|
||||||
|
from passlib.hash import argon2
|
||||||
|
|
||||||
## =-=- Here, We keep some usefull function -=-=
|
## =-=- Here, We keep some usefull function -=-=
|
||||||
def remove_accents(input_str):
|
def remove_accents(input_str):
|
||||||
""" This function is intended to remove all accent from input unicode string """
|
""" This function is intended to remove all accent from input unicode string """
|
||||||
@@ -1155,7 +1157,7 @@ def Modal(request):
|
|||||||
response = render_to_response('jm2l:templates/modals_js.mako',
|
response = render_to_response('jm2l:templates/modals_js.mako',
|
||||||
{'modtype':modtype},
|
{'modtype':modtype},
|
||||||
request=request)
|
request=request)
|
||||||
request.user.password = form.password.data
|
request.user.password = argon2.using(rounds=4).hash(form.password.data)
|
||||||
DBSession.merge(request.user)
|
DBSession.merge(request.user)
|
||||||
response.content_type = 'text/javascript'
|
response.content_type = 'text/javascript'
|
||||||
return response
|
return response
|
||||||
|
|||||||
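Review bot: The hashing call at `request.user.password = argon2.using(rounds=4).hash(form.password.data)` repeats the parameters already written in the model's `verify_password`, so the cost setting now lives in two files and any other code that assigns `User.password` (none is visible on this page) has to remember to hash as well. Moving it into the model, e.g. `def set_password(self, password): self.password = argon2.using(rounds=4).hash(password)`, and calling `request.user.set_password(form.password.data)` here would keep storage and verification in one place. `Modal` starts outside the hunk, so whether the form was validated before this assignment cannot be confirmed from the lines shown.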