diff options
| -rw-r--r-- | keystone/common/utils.py | 5 | ||||
| -rw-r--r-- | tests/test_import_legacy.py | 21 |
2 files changed, 22 insertions, 4 deletions
diff --git a/keystone/common/utils.py b/keystone/common/utils.py index 9c52b93f..b5269bed 100644 --- a/keystone/common/utils.py +++ b/keystone/common/utils.py @@ -143,7 +143,10 @@ class Ec2Signer(object): def hash_password(password): """Hash a password. Hard.""" - h = passlib.hash.sha512_crypt.encrypt(password.encode('utf-8'), + password_utf8 = password.encode('utf-8') + if passlib.hash.sha512_crypt.identify(password_utf8): + return password_utf8 + h = passlib.hash.sha512_crypt.encrypt(password_utf8, rounds=CONF.crypt_strength) return h diff --git a/tests/test_import_legacy.py b/tests/test_import_legacy.py index 05517985..2db34cb8 100644 --- a/tests/test_import_legacy.py +++ b/tests/test_import_legacy.py @@ -44,21 +44,36 @@ class ImportLegacy(test.TestCase): migration = legacy.LegacyMigration('sqlite:///%s' % db_path) migration.migrate_all() - user_ref = self.identity_api.get_user('1') + admin_id = '1' + user_ref = self.identity_api.get_user(admin_id) self.assertEquals(user_ref['name'], 'admin') + # check password hashing + user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( + user_id=admin_id, password='secrete') + def test_import_diablo(self): db_path = self.setup_old_database('legacy_diablo.sqlite') migration = legacy.LegacyMigration('sqlite:///%s' % db_path) migration.migrate_all() - user_ref = self.identity_api.get_user('1') + admin_id = '1' + user_ref = self.identity_api.get_user(admin_id) self.assertEquals(user_ref['name'], 'admin') + # check password hashing + user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( + user_id=admin_id, password='secrete') + def test_import_essex(self): db_path = self.setup_old_database('legacy_essex.sqlite') migration = legacy.LegacyMigration('sqlite:///%s' % db_path) migration.migrate_all() - user_ref = self.identity_api.get_user('c93b19ea3fa94484824213db8ac0afce') + admin_id = 'c93b19ea3fa94484824213db8ac0afce' + user_ref = self.identity_api.get_user(admin_id) self.assertEquals(user_ref['name'], 'admin') + + # check password hashing + user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( + user_id=admin_id, password='secrete') |