def add(self, userid, login, cleartext_password, groups=None):
self._upgrade()
salt = get_random_string()
encrypted_password = pbkdf2(cleartext_password, salt)
if groups is None:
groups = []
newgroups = set()
for group in groups:
group = self._convert(group)
newgroups.add(group)
userid = self._convert(userid)
login = self._convert(login)
info = {
'login': login,
'id': userid,
'salt': salt,
'password': encrypted_password,
'groups': newgroups
}
if userid in self.data:
raise ValueError('User ID "%s" already exists' % userid)
if login in self.logins:
raise ValueError('Login "%s" already exists' % login)
self.logins[login] = userid
self.data[userid] = info
for group in newgroups:
userids = self.groups.get(group, set())
self.groups[group] = userids # trigger persistence
userids.add(userid)
def __init__(self, path, ct, size):
from karl.utils import get_random_string
self.code = get_random_string(25)
self.blob = Blob()
self.path = path
self.ct = ct
self.size = size
def check_password(self, password, userid=None, login=None):
if userid is None and login is None:
raise ValueError("Must provide userid or login")
if userid is not None:
user = self.get(userid=userid)
else:
login = self._convert(login)
userid = self.logins.get(login)
user = self.get(login=login)
if user['password'].startswith('SHA1:'):
# old style password, need to upgrade but will check it first
enc_password = get_sha_password(password)
if strings_same(enc_password, user['password']):
# upgrade this password...
salt = get_random_string()
user.update({'password': pbkdf2(password, salt), 'salt': salt})
self.data[userid] = user # trigger persistence
return True
else:
return False
else:
# should be 'pbkdf2' encrypted now
return strings_same(pbkdf2(password, user['salt']),
user['password'])
def add(self, userid, login, cleartext_password, groups=None):
self._upgrade()
salt = get_random_string()
encrypted_password = pbkdf2(cleartext_password, salt)
if groups is None:
groups = []
newgroups = set()
for group in groups:
group = self._convert(group)
newgroups.add(group)
userid = self._convert(userid)
login = self._convert(login)
info = {
'login': login,
'id': userid,
'salt': salt,
'password': encrypted_password,
'groups': newgroups}
if userid in self.data:
raise ValueError('User ID "%s" already exists' % userid)
if login in self.logins:
raise ValueError('Login "%s" already exists' % login)
self.logins[login] = userid
self.data[userid] = info
for group in newgroups:
userids = self.groups.get(group, set())
self.groups[group] = userids # trigger persistence
userids.add(userid)
def check_password(self, password, userid=None, login=None):
if userid is None and login is None:
raise ValueError("Must provide userid or login")
if userid is not None:
user = self.get(userid=userid)
else:
login = self._convert(login)
userid = self.logins.get(login)
user = self.get(login=login)
if user['password'].startswith('SHA1:'):
# old style password, need to upgrade but will check it first
enc_password = get_sha_password(password)
if strings_same(enc_password, user['password']):
# upgrade this password...
salt = get_random_string()
user.update({
'password': pbkdf2(password, salt),
'salt': salt
})
self.data[userid] = user # trigger persistence
return True
else:
return False
else:
# should be 'pbkdf2' encrypted now
return strings_same(
pbkdf2(password, user['salt']),
user['password'])
def change_password(self, userid, password):
self._upgrade()
userid = self._convert(userid)
info = self.data[userid]
if 'salt' not in info:
info['salt'] = get_random_string()
self.data[userid] = info # trigger persistence
info['password'] = pbkdf2(password, info['salt'])
def change_password(self, userid, password):
self._upgrade()
userid = self._convert(userid)
info = self.data[userid]
if 'salt' not in info:
info['salt'] = get_random_string()
self.data[userid] = info # trigger persistence
info['password'] = pbkdf2(password, info['salt'])
