From b29ce66f03e9e785dedff692b893bfc5a7074a8c Mon Sep 17 00:00:00 2001
From: Yogeshwar Srikrishnan
Date: Fri, 17 Jun 2011 15:42:36 -0500
Subject: Changes to hash password.
---
 keystone/db/sqlalchemy/api/user.py | 8 ++++++++
 keystone/logic/service.py | 4 ++--
 keystone/test/unit/test_authentication.py | 2 +-
 keystone/utils.py | 8 ++++++++
 4 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/keystone/db/sqlalchemy/api/user.py b/keystone/db/sqlalchemy/api/user.py
index 9d2f901f..d3d31387 100755
--- a/keystone/db/sqlalchemy/api/user.py
+++ b/keystone/db/sqlalchemy/api/user.py
@@ -15,6 +15,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+import keystone.utils as utils
 from keystone.db.sqlalchemy import get_session, models, aliased, joinedload
 def get_all(session=None):
@@ -49,10 +50,16 @@ def tenant_group_delete(id, group_id, session=None):
 def create(values):
 user_ref = models.User()
+ check_and_use_hashed_password(values)
 user_ref.update(values)
 user_ref.save()
 return user_ref
+def check_and_use_hashed_password(values):
+ if type(values) is dict and 'password' in values.keys():
+ values['password'] = utils.get_hashed_password(values['password'])
+ elif type(values) is models.User:
+ values.password = utils.get_hashed_password(values.password)
 def get(id, session=None):
 if not session:
@@ -143,6 +150,7 @@ def update(id, values, session=None):
 session = get_session()
 with session.begin():
 user_ref = get(id, session)
+ check_and_use_hashed_password(values)
 user_ref.update(values)
 user_ref.save(session=session)
diff --git a/keystone/logic/service.py b/keystone/logic/service.py
index 382ebdde..b5786134 100755
--- a/keystone/logic/service.py
+++ b/keystone/logic/service.py
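Review bot: In keystone/db/sqlalchemy/api/user.py, `check_and_use_hashed_password` hashes whatever is in the password field each time it runs, so the call added to `update` in the third hunk of that file will hash an already-stored digest a second time if a caller passes back a `models.User` (or a dict) that was loaded from the database; whether any caller does that is not visible in these hunks. The type tests should be `isinstance(values, dict) and 'password' in values` and `isinstance(values, models.User)`, because `type(x) is ...` skips subclasses and any other mapping, and those values would then be saved with the plaintext password. The helper also rewrites the caller's `values` in place, which deserves a docstring such as `"""Replace the plaintext password in values with its hash, in place."""`. The body of `update` starts outside its hunk.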
@@ -26,7 +26,7 @@ import keystone.logic.types.tenant as tenants
 import keystone.logic.types.role as roles
 import keystone.logic.types.user as get_users
 import keystone.logic.types.baseURL as baseURLs
-
+import keystone.utils as utils
 class IdentityService(object):
 "This is the logical implemenation of the Identity service"
@@ -52,7 +52,7 @@ class IdentityService(object):
 if not duser.enabled:
 raise fault.UserDisabledFault("Your account has been disabled")
- if duser.password != credentials.password:
+ if duser.password != utils.get_hashed_password(credentials.password):
 raise fault.UnauthorizedFault("Unauthorized")
 #
diff --git a/keystone/test/unit/test_authentication.py b/keystone/test/unit/test_authentication.py
index fb79c319..96bf271b 100755
--- a/keystone/test/unit/test_authentication.py
+++ b/keystone/test/unit/test_authentication.py
@@ -88,7 +88,7 @@ class AuthenticationTest(unittest.TestCase):
 self.assertTrue(resp['x-auth-token'])
 self.assertTrue(resp['x-server-management-url'])
 self.assertTrue(resp['x-storage-url'])
- self.assertTrue(resp['x-cdn-management-url'])
+ self.assertTrue(resp['x-glance'])
 def test_a_authorize_user_disabled(self):
 header = httplib2.Http(".cache")
diff --git a/keystone/utils.py b/keystone/utils.py
index a72d40b6..eb90b326 100644
--- a/keystone/utils.py
+++ b/keystone/utils.py
@@ -22,6 +22,7 @@ import logging
 import os
 import routes
 import sys
+import hashlib
 from webob import Response
 from webob import Request
 from webob import descriptors
@@ -160,3 +161,10 @@ def send_legacy_result(code, headers):
 resp.content_type_params = {'charset': 'UTF-8'}
 return resp
+
+#Currently using sha1 to hash.Need to figure if there is an openstack standard.Not using salt val as of now.
+def get_hashed_password(password):
+ if password != None and len(password) > 0:
+ return hashlib.sha1(password).hexdigest()
+ else:
+ return None
\ No newline at end of file
-- cgit
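Review bot: The new comparison in keystone/logic/service.py (second hunk) passes when both sides are None: `get_hashed_password` returns None for a missing or empty password, so an account whose stored password is NULL would be accepted with an empty password. Reject that case explicitly, for example `hashed = utils.get_hashed_password(credentials.password)` followed by `if hashed is None or duser.password != hashed:`. The `!=` on digests is also not a constant-time comparison; `hmac.compare_digest` is the usual replacement where the runtime has it. Rows written before this commit presumably still hold plaintext and will no longer match, so a migration step is needed. The enclosing method starts and ends outside the hunk.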
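Review bot: `get_hashed_password` in keystone/utils.py (last hunk) stores an unsalted, single-pass SHA-1 digest, a gap the added comment itself leaves open: equal passwords produce equal digests, and the hash is cheap to compute in bulk if the user table leaks. A per-password random salt with a deliberately slow KDF, plus a verify helper that compares in constant time, closes that; the sketch below assumes Python 3 text strings, a runtime with `hashlib.pbkdf2_hmac`, and `hmac` imported next to `hashlib`. `service.py` would then call `utils.check_password(credentials.password, duser.password)` instead of recomputing and comparing, and the password column must be wide enough for the longer value. Separately, `password != None` reads better as `password is not None`, and the file should end with a newline.

```python
# … unchanged: send_legacy_result …

# Constructed sample value; tune the work factor to the deployment's hardware.
PBKDF2_ITERATIONS = 600000


def get_hashed_password(password, salt=None):
    """Return '<salt hex>$<digest hex>', or None for an empty password.

    Pass the salt recovered from a stored value to recompute it for a check.
    """
    if not password:
        return None
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt,
                                 PBKDF2_ITERATIONS)
    return '%s$%s' % (salt.hex(), digest.hex())


def check_password(password, stored):
    """Return True only if password matches the stored 'salt$digest' value."""
    if not password or not stored or '$' not in stored:
        return False
    try:
        salt = bytes.fromhex(stored.split('$', 1)[0])
    except ValueError:
        return False  # malformed stored value never authenticates
    return hmac.compare_digest(get_hashed_password(password, salt), stored)
```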