projects / mediagoblin.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 744f1c8)
moved bcrypt_check_password to basic_auth/tools from auth/lib
authorRodney Ewing <ewing.rj@gmail.com>
Wed, 15 May 2013 00:14:48 +0000 (17:14 -0700)
committerRodney Ewing <ewing.rj@gmail.com>
Fri, 24 May 2013 23:52:48 +0000 (16:52 -0700)
mediagoblin/auth/__init__.py patch | blob | blame | history
mediagoblin/auth/lib.py patch | blob | blame | history
mediagoblin/auth/views.py patch | blob | blame | history
mediagoblin/db/mixin.py patch | blob | blame | history
mediagoblin/edit/views.py patch | blob | blame | history
mediagoblin/plugins/basic_auth/__init__.py patch | blob | blame | history

diff --git a/mediagoblin/auth/__init__.py b/mediagoblin/auth/__init__.py
index 2460c048ef05f17e70b99a3dc37e7525b391d6ac..abb18d2d7acd02666918f444e1ccb0b4bb65ccdc 100644 (file)
--- a/mediagoblin/auth/__init__.py
+++ b/mediagoblin/auth/__init__.py
@@ -16,8 +16,8 @@
 from mediagoblin.tools.pluginapi import hook_handle
 
 
-def check_login(user, login_form):
-    return hook_handle("auth_check_login", user, login_form)
+def check_login(user, password):
+    return hook_handle("auth_check_login", user, password)
 
 
 def get_user(*args):
diff --git a/mediagoblin/auth/lib.py b/mediagoblin/auth/lib.py
index 6ce23f5b50b7a9e89fd23ab3783a8f2cfcb5afe4..1a9416fc6fc6e015b0bd5a7ffed041d66a5ef3d4 100644 (file)
--- a/mediagoblin/auth/lib.py
+++ b/mediagoblin/auth/lib.py
@@ -23,38 +23,6 @@ from mediagoblin.tools.template import render_template
 from mediagoblin import mg_globals
 
 
-def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
-    """
-    Check to see if this password matches.
-
-    Args:
-    - raw_pass: user submitted password to check for authenticity.
-    - stored_hash: The hash of the raw password (and possibly extra
-      salt) to check against
-    - extra_salt: (optional) If this password is with stored with a
-      non-database extra salt (probably in the config file) for extra
-      security, factor this into the check.
-
-    Returns:
-      True or False depending on success.
-    """
-    if extra_salt:
-        raw_pass = u"%s:%s" % (extra_salt, raw_pass)
-
-    hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash)
-
-    # Reduce risk of timing attacks by hashing again with a random
-    # number (thx to zooko on this advice, which I hopefully
-    # incorporated right.)
-    #
-    # See also:
-    rand_salt = bcrypt.gensalt(5)
-    randplus_stored_hash = bcrypt.hashpw(stored_hash, rand_salt)
-    randplus_hashed_pass = bcrypt.hashpw(hashed_pass, rand_salt)
-
-    return randplus_stored_hash == randplus_hashed_pass
-
-
 def bcrypt_gen_password_hash(raw_pass, extra_salt=None):
     """
     Generate a salt for this new password.
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index 811bb157c3f0bb7f7130e8139a36f380cd252dc5..b13efebc18a9e9bff2719d06d5495c9745a23c2b 100644 (file)
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -105,7 +105,7 @@ def login(request):
         if login_form.validate():
             user = auth.get_user(login_form)
 
-            if user and auth.check_login(user, login_form):
+            if user and auth.check_login(user, login_form.password.data):
                 # set up login in session
                 request.session['user_id'] = unicode(user.id)
                 request.session.save()
diff --git a/mediagoblin/db/mixin.py b/mediagoblin/db/mixin.py
index e7f66fa1e8ce21478c07db171014d220f0efbe07..2f41292b5d4946b9db8bd29cd99c0c7743e2273e 100644 (file)
--- a/mediagoblin/db/mixin.py
+++ b/mediagoblin/db/mixin.py
@@ -34,7 +34,7 @@ import datetime
 from werkzeug.utils import cached_property
 
 from mediagoblin import mg_globals
-from mediagoblin.auth import lib as auth_lib
+from mediagoblin import auth
 from mediagoblin.media_types import get_media_managers, FileTypeNotSupported
 from mediagoblin.tools import common, licenses
 from mediagoblin.tools.text import cleaned_markdown_conversion
@@ -46,8 +46,7 @@ class UserMixin(object):
         """
         See if a user can login with this password
         """
-        return auth_lib.bcrypt_check_password(
-            password, self.pw_hash)
+        return auth.check_login(self, password)
 
     @property
     def bio_html(self):
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 508c380d400334f778db50adde10518c688c0344..ad3cbaca196c1d197d4baaf358e23f40352d78b6 100644 (file)
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -23,6 +23,7 @@ from mediagoblin import messages
 from mediagoblin import mg_globals
 
 from mediagoblin.auth import lib as auth_lib
+from mediagoblin import auth
 from mediagoblin.edit import forms
 from mediagoblin.edit.lib import may_edit_media
 from mediagoblin.decorators import (require_active_login, active_user_from_url,
diff --git a/mediagoblin/plugins/basic_auth/__init__.py b/mediagoblin/plugins/basic_auth/__init__.py
index a3539738cc7b7762693fa81bb1165af5dba8be17..68e331ffb626484f72b02cd969fac42fb5435169 100644 (file)
--- a/mediagoblin/plugins/basic_auth/__init__.py
+++ b/mediagoblin/plugins/basic_auth/__init__.py
@@ -17,6 +17,7 @@ import os
 import uuid
 
 import forms as auth_forms
+import tools as auth_tools
 from mediagoblin.auth import lib as auth_lib
 from mediagoblin.db.models import User
 from mediagoblin.tools.translate import pass_to_ugettext as _
@@ -28,8 +29,8 @@ def setup_plugin():
     config = pluginapi.get_config('mediagoblin.pluginapi.basic_auth')
 
 
-def check_login(user, login_form):
-    return user.check_login(login_form.password.data)
+def check_login(user, password):
+    return auth_tools.bcrypt_check_password(password, user.pw_hash)
 
 
 def get_user(login_form):
Unnamed repository; edit this file 'description' to name the repository.