Diffstat (limited to 'keystone')
-rw-r--r--keystone/common/config.py1
-rw-r--r--keystone/common/utils.py13
-rw-r--r--keystone/token/controllers.py8
3 files changed, 10 insertions, 12 deletions
diff --git a/keystone/common/config.py b/keystone/common/config.py
index 10c47a35..cd525369 100644
--- a/keystone/common/config.py
+++ b/keystone/common/config.py
@@ -210,6 +210,7 @@ def configure():
# identity
register_str('default_domain_id', group='identity', default='default')
+ register_int('max_password_length', group='identity', default=4096)
# trust
register_bool('enabled', group='trust', default=True)
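Review bot: The new `max_password_length` option is registered with no comment saying what the number counts or what happens to a longer password, and the two consumers in this commit treat it differently. `trunc_password` in keystone/common/utils.py cuts the password down to the limit, while the `Auth` controller in keystone/token/controllers.py rejects the request. A comment above the registration would help operators, for example `# Maximum password length; longer values are truncated by utils.trunc_password and rejected by v2 token auth.` It is also worth noting there that lowering the value on a running deployment presumably stops stored hashes of longer passwords from matching, because the truncation point moves. configure() starts and ends outside the hunk.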
diff --git a/keystone/common/utils.py b/keystone/common/utils.py
index fd2d7567..9966ee67 100644
--- a/keystone/common/utils.py
+++ b/keystone/common/utils.py
@@ -36,8 +36,6 @@ config.register_int('crypt_strength', default=40000)
LOG = logging.getLogger(__name__)
-MAX_PASSWORD_LENGTH = 4096
-
def read_cached_file(filename, cache_info, reload_func=None):
"""Read from a file if it has been modified.
@@ -68,12 +66,13 @@ class SmarterEncoder(json.JSONEncoder):
def trunc_password(password):
- """Truncate passwords to the MAX_PASSWORD_LENGTH."""
+ """Truncate passwords to the max_length."""
+ max_length = CONF.identity.max_password_length
try:
- if len(password) > MAX_PASSWORD_LENGTH:
- return password[:MAX_PASSWORD_LENGTH]
- else:
- return password
+ if len(password) > max_length:
+ LOG.warning(
+ _('Truncating user password to %s characters.') % max_length)
+ return password[:max_length]
except TypeError:
raise exception.ValidationError(attribute='string', target='password')
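Review bot: `max_length` comes from configuration and is used as a slice bound with no range check, so a zero or negative `identity.max_password_length` changes the value this function returns: `password[:0]` is the empty string for every input and `password[:-1]` drops the last character, with only the truncation warning to show for it. Failing fast before the `try` would make the misconfiguration visible, e.g. `if max_length < 1: raise ValueError('identity.max_password_length must be a positive integer')`. The same value gates the size check in the keystone/token/controllers.py hunk, where a non-positive limit would reject every non-empty password. Indentation is lost on this page, so I am assuming `return password[:max_length]` sits at the `try` level; if it is inside the `if`, passwords within the limit would return None now that the `else` branch is gone.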
diff --git a/keystone/token/controllers.py b/keystone/token/controllers.py
index 9ebc29fe..91514493 100644
--- a/keystone/token/controllers.py
+++ b/keystone/token/controllers.py
@@ -4,7 +4,6 @@ from keystone.common import cms
from keystone.common import controller
from keystone.common import dependency
from keystone.common import logging
-from keystone.common import utils
from keystone.common import wsgi
from keystone import config
from keystone import exception
@@ -215,10 +214,9 @@ class Auth(controller.V2Controller):
attribute='password', target='passwordCredentials')
password = auth['passwordCredentials']['password']
- max_pw_size = utils.MAX_PASSWORD_LENGTH
- if password and len(password) > max_pw_size:
- raise exception.ValidationSizeError(attribute='password',
- size=max_pw_size)
+ if password and len(password) > CONF.identity.max_password_length:
+ raise exception.ValidationSizeError(
+ attribute='password', size=CONF.identity.max_password_length)
if ("userId" not in auth['passwordCredentials'] and
"username" not in auth['passwordCredentials']):