Merge c6871c5510 into 00a4d22dd9

2017-04-19 02:44:36 +00:00 · 2017-04-19 02:44:36 +00:00 · a7d4ff905b
parent 00a4d22dd9 c6871c5510
commit a7d4ff905b
4 changed files with 18 additions and 2 deletions
--- a/conf/attributes.yml
+++ b/conf/attributes.yml
@ -118,6 +118,7 @@ password:
    weight: 31
    self: True
    type: password
+#    hash: ldap_sha512_crypt
    backends:
        ldap: userPassword
 #        ad: unicodePwd
--- a/ldapcherry/init.py
+++ b/ldapcherry/init.py
@ -33,6 +33,9 @@ from mako import lookup
 from mako import exceptions
 from sets import Set

+# passlib hash password module import
+from passlib.context import CryptContext
+
 SESSION_KEY = '_cp_username'


@ -654,7 +657,12 @@ class LdapCherry(object):
                    raise PasswordMissMatch()
                if not self._checkppolicy(params['attrs'][pwd1])['match']:
                    raise PPolicyError()
-                params['attrs'][attr] = params['attrs'][pwd1]
+                hash_type = self.attributes.attributes[attr].get('hash')
+                if hash_type:
+                    ctx = CryptContext(schemes=[hash_type])
+                    params['attrs'][attr] = ctx.encrypt(params['attrs'][pwd1])
+                else:
+                    params['attrs'][attr] = params['attrs'][pwd1]
            if attr in params['attrs']:
                self.attributes.check_attr(attr, params['attrs'][attr])
                backends = self.attributes.get_backends_attributes(attr)
@ -720,7 +728,12 @@ class LdapCherry(object):
                                params['attrs'][pwd1]
                                )['match']:
                        raise PPolicyError()
-                    params['attrs'][attr] = params['attrs'][pwd1]
+                    hash_type = self.attributes.attributes[attr].get('hash')
+                    if hash_type:
+                        ctx = CryptContext(schemes=[hash_type])
+                        params['attrs'][attr] = ctx.encrypt(params['attrs'][pwd1])
+                    else:
+                        params['attrs'][attr] = params['attrs'][pwd1]
            if attr in params['attrs'] and params['attrs'][attr] != '':
                self.attributes.check_attr(attr, params['attrs'][attr])
                backends = self.attributes.get_backends_attributes(attr)
--- a/requirements.txt
+++ b/requirements.txt
@ -2,3 +2,4 @@ CherryPy>=3.0.0
 PyYAML
 Mako
 python-ldap
+passlib
--- a/setup.py
+++ b/setup.py
@ -25,6 +25,7 @@ if sys.version_info[0] == 2:
    install_requires = [
        'CherryPy >= 3.0.0',
        'python-ldap',
+        'passlib',
        'PyYAML',
        'Mako'
        ],