diff --git a/VERSION b/VERSION
index 262bcfef..d6d059ee 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-Version 2.00.0 (2012-07-04 22:50:45) dev
+Version 2.00.0 (2012-07-04 23:30:47) dev
diff --git a/applications/welcome/private/auth.key b/applications/welcome/private/auth.key
index 2a518454..cfe65bbb 100644
--- a/applications/welcome/private/auth.key
+++ b/applications/welcome/private/auth.key
@@ -1 +1 @@
-sha512:9d649235-cf34-4b0c-b103-28e985bc3d40
\ No newline at end of file
+sha512:e5b75f2b-4ce9-41c0-a93b-b03f0135cd2c
\ No newline at end of file
diff --git a/gluon/validators.py b/gluon/validators.py
index 10f47e97..abe54823 100644
--- a/gluon/validators.py
+++ b/gluon/validators.py
@@ -2543,9 +2543,11 @@ class LazyCrypt(object):
 salt = str(web2py_uuid()).replace('-','')[-16:]
 else:
 salt = self.crypt.salt
- self.crypted = '%s$%s$%s' % \
- (self.crypt.digest_alg, salt,
- simple_hash(self.password+salt, self.crypt.digest_alg))
+ if ':' in self.crypt.key:
+ alg = self.crypt.key.split(':')[0]
+ else:
+ alg = self.crypt.digest_alg
+ self.crypted = '%s$%s$%s' % (alg, salt, hmac_hash(self.password+salt, self.crypt.key, alg))
 elif self.crypt.key:
 self.crypted = hmac_hash(self.password, self.crypt.key, self.crypt.digest_alg)
 else:
@@ -2556,8 +2558,8 @@ class LazyCrypt(object):
 compares the current lazy crypted password with a stored password
 """
 if self.crypt.salt and stored_password.count('$')==2:
- (algorithm, salt, hash) = stored_password.split('$')
- temp_pass = '%s$%s$%s' % (algorithm, salt, simple_hash(self.password+salt, algorithm))
+ (algorithm, salt, hash) = stored_password.split('$')
+ temp_pass = '%s$%s$%s' % (algorithm, salt, hmac_hash(self.password+salt, self.crypt.key, algorithm))
 else:
 temp_pass = str(self)
 return temp_pass == stored_password
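Review bot: `applications/welcome/private/auth.key` is a tracked file, so the HMAC key on its new side is readable by anyone who has the source tree. The gluon/validators.py hunks in this same commit make salted password digests depend on `self.crypt.key`. If this file is the key Crypt is configured with (not visible here), an install that keeps the shipped copy hashes passwords under a publicly known key. Each regeneration like this one would also invalidate digests made with the previous value. If the file is meant to be generated per installation, it should be removed from version control and ignored rather than updated.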
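Review bot: In the gluon/validators.py hunk at `@@ -2543,9 +2543,11 @@`, the salted digest is now computed with `hmac_hash(self.password+salt, self.crypt.key, alg)`, so a stored `alg$salt$hash` value verifies only while `crypt.key` stays unchanged, and nothing in the code records that. I would add a comment above the new `self.crypted = ...` line, for example `# keyed digest: changing crypt.key invalidates every stored alg$salt$hash`. The new test `':' in self.crypt.key` also raises TypeError when the key is None; the condition guarding this branch starts outside the hunk, so confirm it requires a key. The key is passed to hmac_hash with its `alg:` prefix still attached, and whether hmac_hash strips that prefix is not visible here.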
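Review bot: In the gluon/validators.py hunk at `@@ -2556,8 +2558,8 @@`, hashes written by the previous code have the same `alg$salt$digest` shape as the new HMAC ones, so `stored_password.count('$')==2` cannot tell them apart and every previously stored salted password now fails to match. Either keep a legacy comparison against `simple_hash(self.password+salt, algorithm)` for old records and re-hash after a successful login, or give the keyed format a distinguishable marker. The branch is also entered on `self.crypt.salt` alone although it now reads `self.crypt.key`; `if self.crypt.key and self.crypt.salt and stored_password.count('$')==2:` would avoid passing an unset key to hmac_hash. The method's `def` line is outside the hunk.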