Ticket #4314: unicode-password.diff
File unicode-password.diff, 2.1 KB (added by , 18 years ago) |
---|
-
contrib/auth/models.py
2 2 from django.core.exceptions import ImproperlyConfigured 3 3 from django.db import backend, connection, models 4 4 from django.contrib.contenttypes.models import ContentType 5 from django.utils.encoding import smart_str 5 6 from django.utils.translation import ugettext_lazy, ugettext as _ 6 7 import datetime 7 8 import urllib … … 14 15 algo, salt, hsh = enc_password.split('$') 15 16 if algo == 'md5': 16 17 import md5 17 return hsh == md5.new(s alt+raw_password).hexdigest()18 return hsh == md5.new(smart_str(salt + raw_password)).hexdigest() 18 19 elif algo == 'sha1': 19 20 import sha 20 return hsh == sha.new(s alt+raw_password).hexdigest()21 return hsh == sha.new(smart_str(salt + raw_password)).hexdigest() 21 22 elif algo == 'crypt': 22 23 try: 23 24 import crypt 24 25 except ImportError: 25 26 raise ValueError, "Crypt password algorithm not supported in this environment." 26 return hsh == crypt.crypt( raw_password, salt)27 return hsh == crypt.crypt(smart_str(raw_password), smart_str(salt)) 27 28 raise ValueError, "Got unknown password algorithm type in password." 28 29 29 30 class SiteProfileNotAvailable(Exception): … … 153 154 import sha, random 154 155 algo = 'sha1' 155 156 salt = sha.new(str(random.random())).hexdigest()[:5] 156 hsh = sha.new(salt +raw_password).hexdigest()157 hsh = sha.new(salt + smart_str(raw_password)).hexdigest() 157 158 self.password = '%s$%s$%s' % (algo, salt, hsh) 158 159 159 160 def check_password(self, raw_password): … … 165 166 # algorithm or salt. 166 167 if '$' not in self.password: 167 168 import md5 168 is_correct = (self.password == md5.new( raw_password).hexdigest())169 is_correct = (self.password == md5.new(smart_str(raw_password)).hexdigest()) 169 170 if is_correct: 170 171 # Convert the password to the new, more secure format. 171 172 self.set_password(raw_password)