def post(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) try: serializer.is_valid(raise_exception=True) except TokenError as e: logger.warning( _("Failed connection attempt from '%s' as user '%s'"), request.META["REMOTE_ADDR"], escape(serializer.data["username"]) ) raise InvalidToken(e.args[0]) user = serializer.user logger.info( _("User '%s' successfully logged in"), user.username ) if user and user.is_active: condition = ( user.is_local and param_tools.get_global_parameter( "update_scheme", raise_exception=False) ) if condition: # check if password scheme is correct scheme = param_tools.get_global_parameter( "password_scheme", raise_exception=False) # use SHA512CRYPT as default fallback if scheme is None: pwhash = get_password_hasher("sha512crypt")() else: pwhash = get_password_hasher(scheme)() if not user.password.startswith(pwhash.scheme): logger.info( _("Password scheme mismatch. Updating %s password"), user.username ) user.set_password(request.data["password"]) user.save() if pwhash.needs_rehash(user.password): logger.info( _("Password hash parameter missmatch. " "Updating %s password"), user.username ) user.set_password(serializer.data["password"]) user.save() return response.Response( serializer.validated_data, status=status.HTTP_200_OK)
def test_password_schemes(self): """Validate password scheme changes.""" username = "******" password = "******" data = {"username": username, "password": password} user = models.User.objects.get(username=username) pw_hash = get_password_hasher('fallback_scheme')() self.client.logout() self.set_global_parameter("password_scheme", "sha512crypt") self.client.post(reverse("core:login"), data) user.refresh_from_db() self.assertTrue(user.password.startswith("{SHA512-CRYPT}")) self.client.logout() self.set_global_parameter("password_scheme", "sha256") self.client.post(reverse("core:login"), data) user.refresh_from_db() self.assertTrue(user.password.startswith("{SHA256}")) self.client.logout() self.set_global_parameter("password_scheme", "fallback_scheme") self.client.post(reverse("core:login"), data) user.refresh_from_db() self.assertTrue(user.password.startswith(pw_hash.scheme)) self.client.logout() self.set_global_parameter("password_scheme", "sha256crypt") self.set_global_parameter("update_scheme", False) self.client.post(reverse("core:login"), data) user.refresh_from_db() self.assertTrue(user.password.startswith(pw_hash.scheme))
def _crypt_password(self, clearpassword): """Overidding of the crypt_password function (LDAP compliant) :param clearpassword: the clear password :return: the encrypted password """ scheme = self.global_params["password_scheme"] hasher = get_password_hasher(scheme.upper())("ldap") return hasher.encrypt(clearpassword)
def _crypt_password(self, clearpassword): """Overidding of the crypt_password function (LDAP compliant) :param clearpassword: the clear password :return: the encrypted password """ scheme = parameters.get_admin("PASSWORD_SCHEME", app="core") hasher = get_password_hasher(scheme.upper())('ldap') return hasher.encrypt(clearpassword)
def check_password(self, raw_value): """Compare raw_value to current password.""" match = self.password_expr.match(self.password) if match is None: return False raw_value = force_str(raw_value) scheme = match.group(1) val2 = match.group(2) hasher = get_password_hasher(scheme) return hasher().verify(raw_value, val2)
def check_password(self, raw_value): match = self.password_expr.match(self.password) if match is None: return False if type(raw_value) is unicode: raw_value = raw_value.encode("utf-8") scheme = match.group(1) val2 = match.group(2) hasher = get_password_hasher(scheme) return hasher().verify(raw_value, val2)
def check_password(self, raw_value): match = self.password_expr.match(self.password) if match is None: return False if isinstance(raw_value, unicode): raw_value = raw_value.encode("utf-8") scheme = match.group(1) val2 = match.group(2) hasher = get_password_hasher(scheme) return hasher().verify(raw_value, val2)
def check_password(self, raw_value): """Compare raw_value to current password.""" match = self.password_expr.match(self.password) if match is None: return False if isinstance(raw_value, unicode): raw_value = raw_value.encode("utf-8") scheme = match.group(1) val2 = match.group(2) hasher = get_password_hasher(scheme) return hasher().verify(raw_value, val2)
def _crypt_password(self, raw_value): """Crypt the local password using the appropriate scheme. In case we don't find the scheme (for example when the management framework is used), we load the parameters and try one more time. """ scheme = param_tools.get_global_parameter( "password_scheme", raise_exception=False) if scheme is None: from modoboa.core.apps import load_core_settings load_core_settings() scheme = param_tools.get_global_parameter( "password_scheme", raise_exception=False) raw_value = smart_bytes(raw_value) return get_password_hasher(scheme.upper())().encrypt(raw_value)
def _crypt_password(self, raw_value): """Crypt the local password using the appropriate scheme. In case we don't find the scheme (for example when the management framework is used), we load the parameters and try one more time. """ scheme = param_tools.get_global_parameter("password_scheme", raise_exception=False) if scheme is None: from modoboa.core.apps import load_core_settings load_core_settings() scheme = param_tools.get_global_parameter("password_scheme", raise_exception=False) raw_value = smart_bytes(raw_value) return get_password_hasher(scheme.upper())().encrypt(raw_value)
def _crypt_password(self, raw_value): """Crypt the local password using the appropriate scheme. In case we don't find the scheme (for example when the management framework is used), we load the parameters and try one more time. """ try: scheme = parameters.get_admin("PASSWORD_SCHEME") except parameters.NotDefined: from modoboa.core import load_core_settings load_core_settings() scheme = parameters.get_admin("PASSWORD_SCHEME") if isinstance(raw_value, unicode): raw_value = raw_value.encode("utf-8") return get_password_hasher(scheme.upper())().encrypt(raw_value)
def dologin(request): """Try to authenticate.""" error = None if request.method == "POST": form = forms.LoginForm(request.POST) if form.is_valid(): logger = logging.getLogger("modoboa.auth") user = authenticate(username=form.cleaned_data["username"], password=form.cleaned_data["password"]) if user and user.is_active: if param_tools.get_global_parameter("update_scheme", raise_exception=False): # check if password scheme is correct scheme = param_tools.get_global_parameter( "password_scheme", raise_exception=False) # use SHA512CRYPT as default fallback if scheme is None: pwhash = get_password_hasher('sha512crypt')() else: pwhash = get_password_hasher(scheme)() if not user.password.startswith(pwhash.scheme): logging.info( _("Password scheme mismatch. Updating %s password"), user.username ) user.set_password(form.cleaned_data["password"]) user.save() if pwhash.needs_rehash(user.password): logging.info( _("Password hash parameter missmatch. " "Updating %s password"), user.username ) user.set_password(form.cleaned_data["password"]) user.save() login(request, user) if not form.cleaned_data["rememberme"]: request.session.set_expiry(0) translation.activate(request.user.language) request.session[translation.LANGUAGE_SESSION_KEY] = ( request.user.language) logger.info( _("User '%s' successfully logged in") % user.username ) signals.user_login.send( sender="dologin", username=form.cleaned_data["username"], password=form.cleaned_data["password"]) return HttpResponseRedirect(find_nextlocation(request, user)) error = _( "Your username and password didn't match. Please try again.") logger.warning( "Failed connection attempt from '%(addr)s' as user '%(user)s'" % {"addr": request.META["REMOTE_ADDR"], "user": form.cleaned_data["username"]} ) nextlocation = request.POST.get("next", "") httpcode = 401 else: form = forms.LoginForm() nextlocation = request.GET.get("next", "") httpcode = 200 announcements = signals.get_announcements.send( sender="login", location="loginpage") announcements = [announcement[1] for announcement in announcements] return HttpResponse( render_to_string( "registration/login.html", { "form": form, "error": error, "next": nextlocation, "annoucements": announcements}, request), status=httpcode)
def _crypt_password(self, raw_value): scheme = parameters.get_admin("PASSWORD_SCHEME") if type(raw_value) is unicode: raw_value = raw_value.encode("utf-8") return get_password_hasher(scheme.upper())().encrypt(raw_value)