Ticket #273: auth.py.3.diff

auth.py

@@ -29 +29 @@
     first_name = meta.CharField(maxlength=30, blank=True)
     last_name = meta.CharField(maxlength=30, blank=True)
     email = meta.EmailField('e-mail address', blank=True)
-    password_md5 = meta.CharField('password', maxlength=32, help_text="Use an MD5 hash -- not the raw password.")
+    password = meta.CharField('password', maxlength=128, help_text="Use a hash like '[algo]$[salt]$[hexdigest]'")
     is_staff = meta.BooleanField('staff status', help_text="Designates whether the user can log into this admin site.")
     is_active = meta.BooleanField('active', default=True)
     is_superuser = meta.BooleanField('superuser status')
@@ -46 +46 @@
         exceptions = ('SiteProfileNotAvailable',)
         admin = meta.Admin(
             fields = (
-                (None, {'fields': ('username', 'password_md5')}),
+                (None, {'fields': ('username', 'password')}),
                 ('Personal info', {'fields': ('first_name', 'last_name', 'email')}),
                 ('Permissions', {'fields': ('is_staff', 'is_active', 'is_superuser', 'user_permissions')}),
                 ('Important dates', {'fields': ('last_login', 'date_joined')}),
@@ -59 +59 @@
 
     def __repr__(self):
         return self.username
-
+                
     def get_absolute_url(self):
         return "/users/%s/" % self.username
-
+                
     def is_anonymous(self):
         return False
-
+                
     def get_full_name(self):
         full_name = '%s %s' % (self.first_name, self.last_name)
         return full_name.strip()
-
+                
     def set_password(self, raw_password):
-        import md5
-        self.password_md5 = md5.new(raw_password).hexdigest()
+        import sha, random
+        algo = 'sha1'
+        salt = sha.new(str(random.random())).hexdigest()[:5]
+        hash = sha.new(salt+raw_password).hexdigest()
+        self.password = '%s$%s$%s' % (algo, salt, hash)
 
     def check_password(self, raw_password):
-        "Returns a boolean of whether the raw_password was correct."
-        import md5
-        return self.password_md5 == md5.new(raw_password).hexdigest()
+        '''Returns a boolean of whether the raw_password was correct,
+         while considering other encryption formats, and salt. A typical
+         password hash looks like <algo>$<salt>$<hash>'''
+        pass_string = self.password                     
+
+        (algo, salt, hash) = pass_string.split('$')
+        if algo == 'md5':
+            import md5
+            return hash == md5.new(salt+raw_password).hexdigest()
+        elif algo == 'sha1':
+            import sha
+            return hash == sha.new(salt+raw_password).hexdigest()
 
     def get_group_permissions(self):
         "Returns a list of permission strings that this user has through his/her groups."
@@ -156 +168 @@
 
     def _module_create_user(username, email, password):
         "Creates and saves a User with the given username, e-mail and password."
-        import md5
-        password_md5 = md5.new(password).hexdigest()
         now = datetime.datetime.now()
-        user = User(None, username, '', '', email.strip().lower(), password_md5, False, True, False, now, now)
+        user = User(None, username, '', '', email.strip().lower(), 'placeholder_string', False, True, False, now, now)
+        user.set_password(password)
         user.save()
         return user