diff options
| author | Jenkins <jenkins@review.openstack.org> | 2012-11-01 02:07:50 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2012-11-01 02:07:50 +0000 |
| commit | 2e4d7e5ff50f3799152ed1b9fbfb088f0154194f (patch) | |
| tree | cd0e2137d83bfd886bc8f961fe55a29a1332e7e2 | |
| parent | 23bb7ec4986fafa90b3fe2b4dfb37739e6637d4a (diff) | |
| parent | 0d02e127be781e38b23702f01c3b1a6d7316c22a (diff) | |
Merge "move hashing user password functions to common/utils"
| -rw-r--r-- | keystone/common/utils.py | 20 | ||||
| -rw-r--r-- | keystone/identity/backends/kvs.py | 11 | ||||
| -rw-r--r-- | keystone/identity/backends/ldap/core.py | 12 | ||||
| -rw-r--r-- | keystone/identity/backends/sql.py | 11 |
4 files changed, 26 insertions, 28 deletions
diff --git a/keystone/common/utils.py b/keystone/common/utils.py index 62bb521e..b8da7348 100644 --- a/keystone/common/utils.py +++ b/keystone/common/utils.py @@ -154,6 +154,26 @@ def trunc_password(password): return password +def hash_user_password(user): + """Hash a user dict's password without modifying the passed-in dict""" + try: + password = user['password'] + except KeyError: + return user + else: + return dict(user, password=hash_password(password)) + + +def hash_ldap_user_password(user): + """Hash a user dict's password without modifying the passed-in dict""" + try: + password = user['password'] + except KeyError: + return user + else: + return dict(user, password=ldap_hash_password(password)) + + def hash_password(password): """Hash a password. Hard.""" password_utf8 = trunc_password(password).encode('utf-8') diff --git a/keystone/identity/backends/kvs.py b/keystone/identity/backends/kvs.py index c3ba2e5b..9e7062ee 100644 --- a/keystone/identity/backends/kvs.py +++ b/keystone/identity/backends/kvs.py @@ -22,13 +22,6 @@ from keystone import identity from keystone.identity import filter_user -def _ensure_hashed_password(user_ref): - pw = user_ref.get('password', None) - if pw is not None: - user_ref['password'] = utils.hash_password(pw) - return user_ref - - class Identity(kvs.Base, identity.Driver): # Public interface def authenticate(self, user_id=None, tenant_id=None, password=None): @@ -206,7 +199,7 @@ class Identity(kvs.Base, identity.Driver): msg = 'Duplicate name, %s.' % user['name'] raise exception.Conflict(type='user', details=msg) - user = _ensure_hashed_password(user) + user = utils.hash_user_password(user) self.db.set('user-%s' % user_id, user) self.db.set('user_name-%s' % user['name'], user) user_list = set(self.db.get('user_list', [])) @@ -227,7 +220,7 @@ class Identity(kvs.Base, identity.Driver): except exception.NotFound: raise exception.UserNotFound(user_id=user_id) new_user = old_user.copy() - user = _ensure_hashed_password(user) + user = utils.hash_user_password(user) new_user.update(user) if new_user['id'] != user_id: raise exception.ValidationError('Cannot change user ID') diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py index 51dd9b08..5426e452 100644 --- a/keystone/identity/backends/ldap/core.py +++ b/keystone/identity/backends/ldap/core.py @@ -33,14 +33,6 @@ from keystone.identity import filter_user CONF = config.CONF -def _ensure_hashed_password(user_ref): - pw = user_ref.get('password', None) - if pw is not None: - pw = utils.ldap_hash_password(pw) - user_ref['password'] = pw - return user_ref - - class Identity(identity.Driver): def __init__(self): super(Identity, self).__init__() @@ -366,7 +358,7 @@ class UserApi(common_ldap.BaseLdap, ApiShimMixin): def create(self, values): self.affirm_unique(values) - _ensure_hashed_password(values) + values = utils.hash_ldap_user_password(values) values = super(UserApi, self).create(values) tenant_id = values.get('tenant_id') if tenant_id is not None: @@ -393,7 +385,7 @@ class UserApi(common_ldap.BaseLdap, ApiShimMixin): if new_tenant: self.tenant_api.add_user(new_tenant, id) - _ensure_hashed_password(values) + values = utils.hash_ldap_user_password(values) super(UserApi, self).update(id, values, old_obj) def delete(self, id): diff --git a/keystone/identity/backends/sql.py b/keystone/identity/backends/sql.py index 69c6aab3..36f153cd 100644 --- a/keystone/identity/backends/sql.py +++ b/keystone/identity/backends/sql.py @@ -26,13 +26,6 @@ from keystone import identity from keystone.identity import filter_user -def _ensure_hashed_password(user_ref): - pw = user_ref.get('password', None) - if pw is not None: - user_ref['password'] = utils.hash_password(pw) - return user_ref - - def handle_conflicts(type='object'): """Converts IntegrityError into HTTP 409 Conflict.""" def decorator(method): @@ -347,7 +340,7 @@ class Identity(sql.Base, identity.Driver): @handle_conflicts(type='user') def create_user(self, user_id, user): user['name'] = clean.user_name(user['name']) - user = _ensure_hashed_password(user) + user = utils.hash_user_password(user) session = self.get_session() with session.begin(): user_ref = User.from_dict(user) @@ -367,7 +360,7 @@ class Identity(sql.Base, identity.Driver): if user_ref is None: raise exception.UserNotFound(user_id=user_id) old_user_dict = user_ref.to_dict() - user = _ensure_hashed_password(user) + user = utils.hash_user_password(user) for k in user: old_user_dict[k] = user[k] new_user = User.from_dict(old_user_dict) |