From 0b007cd3fb081439bb2c8de47c2bfbbfade6f1b4 Mon Sep 17 00:00:00 2001 From: farhaanbukhsh Date: Jan 19 2016 15:21:01 +0000 Subject: Add fucntions in lib --- diff --git a/pagure/lib/login.py b/pagure/lib/login.py index bd171bb..d944b1a 100644 --- a/pagure/lib/login.py +++ b/pagure/lib/login.py @@ -13,6 +13,7 @@ import string import bcrypt from pagure.lib import model +from kitchen.text.converters import to_unicode, to_bytes def id_generator(size=15, chars=string.ascii_uppercase + string.digits): @@ -69,6 +70,20 @@ def generate_hashed_value(password): return '$2$' + bcrypt.hashpw(to_unicode(password), bcrypt.gensalt()) def retrieve_hashed_value(password, hash_value): - """Retrieve hash value to compare + """ Retrieve hash value to compare """ return bcrypt.hashpw(to_unicode(password), hash_value) + +def get_password(entered_password, user_password, version): + """ Version checking and returning the password + """ + if version == '2': + password = retrieve_hashed_value( + entered_password, user_password) + return password + + elif version == '1': + password = '%s%s' % (to_unicode(entered_password), + APP.config.get('PASSWORD_SEED', None)) + password = hashlib.sha512(password).hexdigest() + return password diff --git a/pagure/ui/login.py b/pagure/ui/login.py index 8f6b663..7a8e186 100644 --- a/pagure/ui/login.py +++ b/pagure/ui/login.py @@ -25,11 +25,12 @@ import pagure.lib.login import pagure.lib.model as model import pagure.lib.notify from pagure import APP, SESSION -from pagure.lib.login import generate_hashed_value, retrieve_hashed_value +from pagure.lib.login import generate_hashed_value, retrieve_hashed_value, get_password # pylint: disable=E1101 + @APP.route('/user/new/', methods=['GET', 'POST']) @APP.route('/user/new', methods=['GET', 'POST']) def new_user(): 
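Review bot: `get_password` has no final `else`, so a stored version other than '1' or '2' makes it return `None` implicitly, and the explicit "Something is wrong with your account" rejection that this commit removes from `do_login` in pagure/ui/login.py is not replaced anywhere. Both callers (`do_login` and `change_password`) then feed that value straight into `to_bytes(...)` and the constant-time comparison. An unsupported version should be rejected explicitly: end the function with `else: return None`, say so in the docstring, and have each caller test `if password is None:` and take the flash-and-redirect path before comparing. The version '1' branch also uses `hashlib` and `APP`, neither of which is among the imports visible in this file's first hunk; unless they are imported above line 13, that branch raises `NameError` for every legacy account. Because the '1' format is a single SHA-512 over the password plus a site-wide `PASSWORD_SEED`, it would be worth re-hashing with `generate_hashed_value` after a successful legacy login.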
@@ -103,18 +104,7 @@ def do_login(): user_obj = pagure.lib.search_user(SESSION, username=username) _, version, user_password = user_obj.password.split('$', 2) - if version == '2': - password = retrieve_hashed_value(form.password.data, user_password) - - elif version == '1': - password = '%s%s' % (to_unicode(form.password.data), - APP.config.get('PASSWORD_SEED', None)) - password = hashlib.sha512(password).hexdigest() - - else: - flask.flash('Something is wrong with your account', 'error') - return flask.redirect(flask.url_for('auth_login')) - + password = get_password(form.password.data, user_password, version) if not user_obj or not constant_time.bytes_eq( to_bytes(user_password), @@ -125,8 +115,8 @@ def do_login(): elif user_obj.token: flask.flash( - 'Invalid user, did you confirm the creation with the url ' - 'provided by email?', 'error') + 'Invalid user, did you confirm the creation with the url ' + 'provided by email?', 'error') return flask.redirect(flask.url_for('auth_login')) else: @@ -296,14 +286,8 @@ def change_password(username): flask.flash('No user associated with this username.', 'error') return flask.redirect(flask.url_for('auth_login')) if form.validate_on_submit(): - if version == '2': - old_password = retrieve_hashed_value( - form.old_password.data, user_password) - - elif version == '1': - old_password = '%s%s' % (to_unicode(form.old_password.data), - APP.config.get('PASSWORD_SEED', None)) - old_password = hashlib.sha512(old_password).hexdigest() + + old_password = get_password(form.old_password.data, user_password, version) if constant_time.bytes_eq(to_bytes(user_password), to_bytes(old_password)):
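Review bot: The context line `_, version, user_password = user_obj.password.split('$', 2)` dereferences `user_obj` before the `if not user_obj or not constant_time.bytes_eq(` test below it, so the `not user_obj` guard can never take effect. If `search_user` returns nothing for an unknown username (its behaviour is not visible here), the request fails with an exception instead of the normal invalid-login response, which makes existing and non-existing usernames distinguishable. The unpacking also raises `ValueError` when the stored value lacks two `$` separators. Moving the `if not user_obj` check above the split, and handling a malformed stored hash the same way as a wrong password, keeps the failure path uniform. do_login's body starts and ends outside the hunk.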