From b01f7645c8380b5d13c86b6ecc036267230bf200 Mon Sep 17 00:00:00 2001
From: mdipierro
Date: Tue, 10 Jul 2012 20:40:47 -0500
Subject: [PATCH] more options with hmac and salt in auth, thanks Dave
---
 VERSION | 2 +-
 gluon/validators.py | 20 ++++++++++++++++----
 2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/VERSION b/VERSION
index 9fa761cc..74e91ff6 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-Version 2.00.0 (2012-07-10 00:22:32) dev
+Version 2.00.0 (2012-07-10 20:40:42) dev
diff --git a/gluon/validators.py b/gluon/validators.py
index b271a422..ace9db24 100644
--- a/gluon/validators.py
+++ b/gluon/validators.py
@@ -2546,10 +2546,14 @@ class LazyCrypt(object):
 else:
 salt = self.crypt.salt
 if ':' in self.crypt.key:
- alg = self.crypt.key.split(':')[0]
+ (alg, hash_key) = self.crypt.key.split(':')
 else:
- alg = self.crypt.digest_alg
- self.crypted = '%s$%s$%s' % (alg, salt, hmac_hash(self.password+salt, self.crypt.key, alg))
+ (alg, hash_key) = self.crypt.digest_alg, None
+ if hash_key:
+ h = hmac_hash(self.password+salt, self.crypt.key, alg)
+ else:
+ h = imple_hash(self.password+salt, alg)
+ self.crypted = '%s$%s$%s' % (alg, salt, h)
 elif self.crypt.key:
 self.crypted = hmac_hash(self.password, self.crypt.key, self.crypt.digest_alg)
 else:
@@ -2560,8 +2564,16 @@ class LazyCrypt(object):
 """ compares the current lazy crypted password with a stored password """
 if self.crypt.salt and stored_password.count('$')==2:
+ if ':' in self.crypt.key:
+ hash_key = self.crypt.key.split(':')[1]
+ else:
+ hash_key = None
 (algorithm, salt, hash) = stored_password.split('$')
- temp_pass = '%s$%s$%s' % (algorithm, salt, hmac_hash(self.password+salt, self.crypt.key, algorithm))
+ if hash_key:
+ h = hmac_hash(self.password+salt, self.crypt.key, algorithm)
+ else:
+ h = simple_hash(self.password+salt, algorithm)
+ temp_pass = '%s$%s$%s' % (algorithm, salt, h)
 else:
 temp_pass = str(self)
 return temp_pass == stored_password
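Review bot: The unkeyed branch added in the first gluon/validators.py hunk (`@@ -2546,10 +2546,14 @@`) calls `imple_hash`, which looks like a typo for the `simple_hash` used in the second hunk; as written, hashing a salted password with a key that has no `alg:` prefix would raise NameError instead of producing a hash. The line should read `h = simple_hash(self.password+salt, alg)`. In the same hunk `(alg, hash_key) = self.crypt.key.split(':')` unpacks into exactly two names, so a key containing a second colon raises ValueError; `self.crypt.key.split(':', 1)` keeps the remainder as the key. The enclosing method starts above the hunk, so how a missing key is handled before this point cannot be checked from here.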
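Review bot: In the comparison hunk (`@@ -2560,8 +2564,16 @@`) a key without an `alg:` prefix now sends verification down the `simple_hash` path, whereas the removed line always used `hmac_hash(self.password+salt, self.crypt.key, algorithm)`; salted hashes stored earlier under a plain key would presumably stop matching, and the configured key silently no longer contributes to the hash. If that is intended it needs a comment at the branch, for example `# a key without an 'alg:' prefix is ignored for salted hashes; the digest is unkeyed`, and a note for deployments with existing password rows. The added `if ':' in self.crypt.key:` also runs without checking that a key is set, while the `elif self.crypt.key:` branch in the first hunk suggests it can be empty or None, in which case this test would raise TypeError; `if self.crypt.key and ':' in self.crypt.key:` guards it. The method's signature lies outside the hunk.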