acl_users and encrypted passwords
When you encrypt your passwords in an acl_users User Folder, is there a way to check that the old password is correct? I'm building an app that allows the user to change her password with the usual form of:

Old: ________
New: ________
Confirm: ________

-- Peter Bengtsson, work www.fry-it.com home www.peterbe.com hobby www.issuetrackerproduct.com fun crosstips.org
On 07.08.09 16:26, Peter Bengtsson wrote:
> When you encrypt your passwords in an acl_users User Folder, is there a way to check that the old password is correct? I'm building an app that allows the user to change her password with the usual form of:
>
> Old: ________
> New: ________
> Confirm: ________
You hash the 'old' password using the same algorithm and compare it against the stored password hash. Look at the AccessControl API of Zope.

-aj
No, it's different every time. Consider this::

    def _doAddUser(self, name, password, roles, domains, **kw):
        """Create a new user"""
        ...
        if password is not None and self.encrypt_passwords:
            print "\tself._encryptPassword('word')=", repr(self._encryptPassword('word'))
            print "\tself._encryptPassword('word')=", repr(self._encryptPassword('word'))
            print "\tself._encryptPassword('word')=", repr(self._encryptPassword('word'))

When running this you get this output::

    self._encryptPassword('word')= '{SSHA}dxZSdvO5CiaMbDuCC0mAreI0R6nqc5RyYFGo'
    self._encryptPassword('word')= '{SSHA}pup1PWzONwMnGXk/itXd6rhySF8MOuI57SO6'
    self._encryptPassword('word')= '{SSHA}HGRxMfi9J7uGK8tfHvuMWfIbNghvu+Z2hb7a'

2009/8/7 Andreas Jung <lists@zopyx.com>:
> On 07.08.09 16:26, Peter Bengtsson wrote:
>> When you encrypt your passwords in an acl_users User Folder, is there a way to check that the old password is correct? I'm building an app that allows the user to change her password with the usual form of:
>>
>> Old: ________
>> New: ________
>> Confirm: ________
>
> You hash the 'old' password using the same algorithm and compare it against the stored password hash. Look at the AccessControl API of Zope.
>
> -aj
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
-- Peter Bengtsson, work www.fry-it.com home www.peterbe.com hobby www.issuetrackerproduct.com fun crosstips.org
On 07.08.09 17:10, Peter Bengtsson wrote:
> No, it's different every time.
Using private methods is unlikely to be the road to success. There is some official method with *validate* or something similar. In addition: if you call the low-level methods blindly, you must take the 'salt' into account.

-aj
On 07.08.09 17:22, Andreas Jung wrote:
> On 07.08.09 17:10, Peter Bengtsson wrote:
>> No, it's different every time.
>
> Using private methods is unlikely to be the road to success. There is some official method with *validate* or something similar. In addition: if you call the low-level methods blindly, you must take the 'salt' into account.
AuthEncoding.pw_validate() is likely what you are searching for.

-aj
2009/8/7 Andreas Jung <lists@zopyx.com>:
> On 07.08.09 17:22, Andreas Jung wrote:
>> On 07.08.09 17:10, Peter Bengtsson wrote:
>>> No, it's different every time.
>>
>> Using private methods is unlikely to be the road to success. There is some official method with *validate* or something similar. In addition: if you call the low-level methods blindly, you must take the 'salt' into account.
>
> AuthEncoding.pw_validate() is likely what you are searching for.

That was the one! Thanks for the tip

> -aj
-- Peter Bengtsson, work www.fry-it.com home www.peterbe.com hobby www.issuetrackerproduct.com fun crosstips.org
Participants (2): Andreas Jung, Peter Bengtsson