[Checkins] SVN: zope.password/trunk/ Maintain backwards compatibility to older hashes encoded with urlsafe.
Martijn Pieters
mj at zopatista.com
Sun Feb 20 10:35:05 EST 2011
Log message for revision 120470:
Maintain backwards compatibility to older hashes encoded with urlsafe.
Update documentation as well.
Changed:
U zope.password/trunk/CHANGES.txt
U zope.password/trunk/src/zope/password/password.py
-=-
Modified: zope.password/trunk/CHANGES.txt
===================================================================
--- zope.password/trunk/CHANGES.txt 2011-02-20 15:29:04 UTC (rev 120469)
+++ zope.password/trunk/CHANGES.txt 2011-02-20 15:35:05 UTC (rev 120470)
@@ -25,6 +25,9 @@
way. Checking passwards against old, still 'salted' password hashes is still
supported.
+- Use the standard_base64encode method instead of url_base64encode to maintain
+ compatibility with LDAP.
+
3.6.1 (2010-05-27)
------------------
Modified: zope.password/trunk/src/zope/password/password.py
===================================================================
--- zope.password/trunk/src/zope/password/password.py 2011-02-20 15:29:04 UTC (rev 120469)
+++ zope.password/trunk/src/zope/password/password.py 2011-02-20 15:35:05 UTC (rev 120470)
@@ -17,6 +17,7 @@
from base64 import standard_b64encode
from base64 import standard_b64decode
+from base64 import urlsafe_b64decode
from os import urandom
from codecs import getencoder
try:
@@ -152,13 +153,16 @@
return '{SSHA}' + standard_b64encode(hash.digest() + salt)
def checkPassword(self, encoded_password, password):
- # urlsafe_b64decode() cannot handle unicode input string. We
+ # standard_b64decode() cannot handle unicode input string. We
# encode to ascii. This is safe as the encoded_password string
# should not contain non-ascii characters anyway.
- encoded_password = encoded_password.encode('ascii')
- byte_string = standard_b64decode(encoded_password[6:])
+ encoded_password = encoded_password.encode('ascii')[6:]
+ if '_' in encoded_password or '-' in encoded_password:
+ # Encoded using urlsafe_b64encode
+ byte_string = urlsafe_b64decode(encoded_password)
+ byte_string = standard_b64decode(encoded_password)
salt = byte_string[20:]
- return encoded_password == self.encodePassword(password, salt)
+ return encoded_password == self.encodePassword(password, salt)[6:]
def match(self, encoded_password):
return encoded_password.startswith('{SSHA}')
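Review bot: In checkPassword the urlsafe branch has no effect as shown, because `byte_string = standard_b64decode(encoded_password)` follows the `if` with no `else:` line added (indentation is lost on this page, so this is read from the missing line alone). The urlsafe_b64decode result is therefore always overwritten, and a legacy hash containing `-` or `_` is presumably mis-decoded or rejected by the standard decoder, so the salt taken from `byte_string[20:]` is wrong. Put the standard decode under `else:`. The final comparison would still fail for such hashes even then, since it compares the stored urlsafe text with freshly produced standard-alphabet text; comparing decoded bytes avoids that, e.g. `return byte_string == standard_b64decode(self.encodePassword(password, salt)[6:])`. Separately, `==` on a password hash is not constant-time, so a constant-time comparison is worth considering where the runtime provides one.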