Hi again On Fri, 27 Dec 2002, Chris Withers wrote:
Adam Manock wrote:
On Mon, 2002-12-16 at 05:23, Bjørge Solli wrote:
I want to put my old loginmanager to rest and put something simple in. SimpleUserFolder sounds nice, but it seems to do the password matching itself, and since I have sha-crypted passwords, I need to match the passwords in encrypted format. Any ideas? If none, can u please tell me to *not* use SimpleUserFolder(perhaps you have an alternative as well?).
Have you tried it? It might just work on its own ;-)
It works fine if I use only sql with the easy table from createTable.sql and I copy all the tests/*.sql into my folder where the SUF-object is. I can also change the getUsers so it gets my correct users. But my roles are stored in different tables, and I have no good way of making a query returning on the format SUF understands(my sql-expert is working on it though;-) So what I have been trying is to make a pythonscript returning a dictionary on the prefered form; {'password':########, 'roles':[role1,role2]} In addition to this problem my encryption is different than the one normal userfolder standard, so I also change the encryption(basically I unhexlify it and encode it with binascii.b2a_base64. I also add the prefix '{SHA}' to the password after changing it.
From /lib/python/AccessControl/AuthEncoding.py I find that the SHA-scheme looks like this: class SHADigestScheme:
def encrypt(self, pw): return b2a_base64(sha.new(pw).digest())[:-1] def validate(self, reference, attempt): compare = b2a_base64(sha.new(attempt).digest())[:-1] return (compare == reference) registerScheme('SHA', SHADigestScheme()) I encrypt the password in this way: crypted = sha.new(plaintext).hexdigest() I change the passwords I get from my database in this way: prefiks = '{SHA}' passord = binascii.b2a_base64(binascii.unhexlify(crypted))[:-1] passwd = '%s%s' %(prefiks,passord) But this does not work! I really don't understand why! I also include the full sourcecode of my getUserDetails, it is partly written in norwegian, but u should understand everything important(many similar words). Parameter List: self, name import binascii student = 0 KursMedArbeider = 0 KursAns = 0 StudieVeileder = 0 passwd = '' roller = [] #finner passordet prefiks = '{SHA}' passord = binascii.b2a_base64(binascii.unhexlify(kryptert))[:-1] passwd = '%s%s' %(prefiks,passord) kryptertTab = self.SQL_findPasswd(email=name) for i in kryptertTab: kryptert = i[1] prefiks = '{SHA}' passord = binascii.b2a_base64(binascii.unhexlify(kryptert))[:-1] passwd = '%s%s' %(prefiks,passord) #passwd = passord if passwd == '': name = 'Anonymous User' #Sjekker om det er mr. anonymous :) if name == 'Anonymous User': roller.append('Anonymous') ret = {'password':passwd, 'roles':roller} return ret else: student = 1 # Sjekker om personen har roller fra personEmne rolleTab = self.SQL_RolesFromPersonEmne(email=name) for i in rolleTab: rolle = i[1] if rolle == 'KursMedArbeider': KursMedArbeider = 1 if rolle == 'KursAns': KursAns = 1 # Sjekker om personen har roller fra et institutt studieveilederTab = self.SQL_isStudieveileder(epost=name) for i in studieveilederTab: StudieVeileder = 1 rolleTab = self.SQL_RolesFromPersonRolle(email=name) for i in rolleTab: roller.append(i[1]) if student: roller.append('student') if KursMedArbeider: roller.append('KursMedArbeider') if KursAns: roller.append('KursAns') if StudieVeileder: roller.append('StudieVeileder') #slaa sammen svaret til en dict ret = {'password':passwd, 'roles':roller} return ret (yes importing binascii works!) Hope u see a terrible mistake I have done right away;-) One question I have asked is if it is possible to mix sql and py(?). And if u really do bother reading all this and help me, I am really greatfull! cheers Bjorge
Take a look in lib/python/AccessControl/AuthEncoding.py and see if your SHA stuff is supported there. If it is, Zope's normal userfolder stuff (and therefore SUF too) will use it if it can...
Lemme know how you get on, I'll help if things need changing to make it work...
cheers,
Chris
-- http://www.ii.uib.no/~bjorge/smile/Smiles -- Bjørge Solli - Universitas Bergensis, Norway mailto:Bjorge@Kvarteret.no icq#29210281 MSN:bobelloco@hotmail.com Møllendalsv.19, 5009 Bergen, Norway tel:+47 55202853/91614343