diff options
| author | Ziad Sawalha <gihub@highbridgellc.com> | 2011-06-19 10:17:22 -0700 |
|---|---|---|
| committer | Ziad Sawalha <gihub@highbridgellc.com> | 2011-06-19 10:17:22 -0700 |
| commit | d5ce05504bb08202d61c4dde23e39fc8f00618d7 (patch) | |
| tree | 38f6ddbf4bfed42a96d60c28839a54703d988b6b | |
| parent | dd280ec5ca9f3a533dc26ee094aaacdf4a03132c (diff) | |
| parent | b29ce66f03e9e785dedff692b893bfc5a7074a8c (diff) | |
| download | keystone-d5ce05504bb08202d61c4dde23e39fc8f00618d7.tar.gz keystone-d5ce05504bb08202d61c4dde23e39fc8f00618d7.tar.xz keystone-d5ce05504bb08202d61c4dde23e39fc8f00618d7.zip | |
Merge pull request #48 from yogirackspace/master
Making password hashable.
| -rwxr-xr-x | keystone/db/sqlalchemy/api/user.py | 8 | ||||
| -rwxr-xr-x | keystone/logic/service.py | 4 | ||||
| -rwxr-xr-x | keystone/test/unit/test_authentication.py | 2 | ||||
| -rw-r--r-- | keystone/utils.py | 8 |
4 files changed, 19 insertions, 3 deletions
diff --git a/keystone/db/sqlalchemy/api/user.py b/keystone/db/sqlalchemy/api/user.py index 9d2f901f..d3d31387 100755 --- a/keystone/db/sqlalchemy/api/user.py +++ b/keystone/db/sqlalchemy/api/user.py @@ -15,6 +15,7 @@ # License for the specific language governing permissions and limitations # under the License. +import keystone.utils as utils from keystone.db.sqlalchemy import get_session, models, aliased, joinedload def get_all(session=None): @@ -49,10 +50,16 @@ def tenant_group_delete(id, group_id, session=None): def create(values): user_ref = models.User() + check_and_use_hashed_password(values) user_ref.update(values) user_ref.save() return user_ref +def check_and_use_hashed_password(values): + if type(values) is dict and 'password' in values.keys(): + values['password'] = utils.get_hashed_password(values['password']) + elif type(values) is models.User: + values.password = utils.get_hashed_password(values.password) def get(id, session=None): if not session: @@ -143,6 +150,7 @@ def update(id, values, session=None): session = get_session() with session.begin(): user_ref = get(id, session) + check_and_use_hashed_password(values) user_ref.update(values) user_ref.save(session=session) diff --git a/keystone/logic/service.py b/keystone/logic/service.py index 382ebdde..b5786134 100755 --- a/keystone/logic/service.py +++ b/keystone/logic/service.py @@ -26,7 +26,7 @@ import keystone.logic.types.tenant as tenants import keystone.logic.types.role as roles import keystone.logic.types.user as get_users import keystone.logic.types.baseURL as baseURLs - +import keystone.utils as utils class IdentityService(object): "This is the logical implemenation of the Identity service" @@ -52,7 +52,7 @@ class IdentityService(object): if not duser.enabled: raise fault.UserDisabledFault("Your account has been disabled") - if duser.password != credentials.password: + if duser.password != utils.get_hashed_password(credentials.password): raise fault.UnauthorizedFault("Unauthorized") # diff --git a/keystone/test/unit/test_authentication.py b/keystone/test/unit/test_authentication.py index fb79c319..96bf271b 100755 --- a/keystone/test/unit/test_authentication.py +++ b/keystone/test/unit/test_authentication.py @@ -88,7 +88,7 @@ class AuthenticationTest(unittest.TestCase): self.assertTrue(resp['x-auth-token']) self.assertTrue(resp['x-server-management-url']) self.assertTrue(resp['x-storage-url']) - self.assertTrue(resp['x-cdn-management-url']) + self.assertTrue(resp['x-glance']) def test_a_authorize_user_disabled(self): header = httplib2.Http(".cache") diff --git a/keystone/utils.py b/keystone/utils.py index a72d40b6..eb90b326 100644 --- a/keystone/utils.py +++ b/keystone/utils.py @@ -22,6 +22,7 @@ import logging import os import routes import sys +import hashlib from webob import Response from webob import Request from webob import descriptors @@ -160,3 +161,10 @@ def send_legacy_result(code, headers): resp.content_type_params = {'charset': 'UTF-8'} return resp + +#Currently using sha1 to hash.Need to figure if there is an openstack standard.Not using salt val as of now. +def get_hashed_password(password): + if password != None and len(password) > 0: + return hashlib.sha1(password).hexdigest() + else: + return None
\ No newline at end of file |