def pw_form_cb(data): from beaker.crypto import pbkdf2 if self.change: # if changing password, check the old pw is right first uci_data = client.get(filter=filters.foris_config) password_hash = uci_data.find_child("uci.foris.auth.password") # allow changing the password if password_hash is empty if password_hash: password_hash = password_hash.value # crypt automatically extracts salt and iterations from formatted pw hash if password_hash != pbkdf2.crypt(data['old_password'], salt=password_hash): return "save_result", {'wrong_old_password': True} uci = Uci() foris = Config("foris") uci.add(foris) auth = Section("auth", "config") foris.add(auth) # use 48bit pseudo-random salt internally generated by pbkdf2 new_password_hash = pbkdf2.crypt(data['password'], iterations=1000) auth.add(Option("password", new_password_hash)) if data['set_system_pw'] is True: client.set_password("root", data['password']) return "edit_config", uci
def system_pw_form_cb(data): client.set_password("root", data["password"]) return "none", None