#2283: In model.auth.User, expose password-hashing mechanism
-------------------------+--------------------------------------------------
Reporter: pitrou | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 2.0rc1
Component: TurboGears | Version: 2.0b7
Severity: normal | Keywords:
-------------------------+--------------------------------------------------
This is how I've modified the default XXX/model/auth.py in order to expose
password hashing as a classmethod. This is so as to make it easier to
generate hashed passwords from a Python prompt. Then, applications where
the users list is known in advance can hardcode those users in the
deployment scripts without any fear of leaking clear-text passwords :-)
{{{
    # Needs "import os" and "from hashlib import sha1" at module level.
    @classmethod
    def hash_password(cls, password):
        """From a clear text password, return a hashed password."""
        hashed_password = password

        if isinstance(password, unicode):
            password_8bit = password.encode('UTF-8')
        else:
            password_8bit = password

        salt = sha1()
        salt.update(os.urandom(60))
        hash = sha1()
        hash.update(password_8bit + salt.hexdigest())
        hashed_password = salt.hexdigest() + hash.hexdigest()

        # make sure the hashed password is an UTF-8 object at the end of the
        # process because SQLAlchemy _wants_ a unicode object for Unicode
        # columns
        if not isinstance(hashed_password, unicode):
            hashed_password = hashed_password.decode('UTF-8')

        return hashed_password

    def _set_password(self, password):
        """Hash password on the fly."""
        self._password = self.hash_password(password)
}}}
--
Ticket URL: <http://trac.turbogears.org/ticket/2283>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development
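
Added example, not part of the ticket or of TurboGears' own code: a Python 3 port of the scheme above with a verifier for its 80-character `salt + digest` format, next to a PBKDF2-HMAC-SHA256 variant for new hashes, since one salted SHA-1 round is cheap to brute-force if a deployment script holding the hash leaks. The `pbkdf2_sha256$...` storage format, the iteration count and every function name except `hash_password` are assumptions of this example.

```python
import hashlib
import hmac
import os

SALT_HEX_LEN = 40  # length of a sha1 hexdigest: the salt prefix in the ticket's format


def hash_password_legacy(password, salt_hex=None):
    """Port of the ticket's scheme: salt_hex + sha1(password + salt_hex)."""
    if salt_hex is None:
        salt_hex = hashlib.sha1(os.urandom(60)).hexdigest()
    data = password.encode("utf-8") + salt_hex.encode("utf-8")
    return salt_hex + hashlib.sha1(data).hexdigest()


def _same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def hash_password_pbkdf2(password, salt=None, iterations=600_000):
    """Assumed format: pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify(password, stored):
    """Check a password against either format, so old rows survive a migration."""
    if not stored.startswith("pbkdf2_sha256$"):
        # Legacy row: re-derive with the stored 40-char salt prefix.
        if len(stored) != 2 * SALT_HEX_LEN:
            return False
        return _same(hash_password_legacy(password, stored[:SALT_HEX_LEN]), stored)
    try:
        _, iterations, salt_hex, _ = stored.split("$")
        candidate = hash_password_pbkdf2(
            password, bytes.fromhex(salt_hex), int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed field count, hex or iteration value
    return _same(candidate, stored)
```
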