Browse Source

Adiciona hasher para senhas migradas do zope

(com utilitário para migrar para o novo formato)
pull/1580/head
Marcio Mazza 7 years ago
parent
commit
93a352d0db
  1. 54
      sapl/hashers.py
  2. 5
      sapl/settings.py
  3. 11
      test_hashers.py

54
sapl/hashers.py

@ -0,0 +1,54 @@
import base64
import hashlib
from django.contrib.auth.hashers import PBKDF2PasswordHasher, make_password
from django.utils.encoding import force_bytes
def to_base64(source):
return base64.b64encode(source).decode('utf-8')
class ZopeSHA1PasswordHasher(PBKDF2PasswordHasher):
"""
The SHA1 password hashing algorithm used by Zope.
Zope uses `password + salt`, Django has `salt + password`.
Pre encode with SHA1 in this order and PBKDF2 afterwards.
based on https://www.fourdigits.nl/blog/converting-plone-data-to-django/
"""
algorithm = "zope_sha1_pbkdf2"
def encode(self, password, salt, iterations=None):
assert password is not None
assert salt
password = force_bytes(password)
decoded_salt = base64.b64decode(salt)
# this is what is stored in zope
hashed = hashlib.sha1(password + decoded_salt).digest() + decoded_salt
hashed = to_base64(hashed)
# encode again with the standard method
return super().encode(hashed, salt, iterations)
def get_salt_from_zope_sha1(data):
intermediate = base64.b64decode(data)
salt = intermediate[20:].strip()
return to_base64(salt)
ZOPE_SHA1_PREFIX = '{SSHA}'
def zope_encoded_password_to_django(encoded):
if encoded.startswith(ZOPE_SHA1_PREFIX):
data = encoded[len(ZOPE_SHA1_PREFIX):]
salt = get_salt_from_zope_sha1(data)
hasher = ZopeSHA1PasswordHasher()
return super(ZopeSHA1PasswordHasher, hasher).encode(data, salt)
else:
# assume it's a plain password and use the default hashing
return make_password(encoded)

5
sapl/settings.py

@ -299,3 +299,8 @@ def excepthook(*args):
'Uncaught exception:', exc_info=args) 'Uncaught exception:', exc_info=args)
# sys.excepthook = excepthook # sys.excepthook = excepthook
PASSWORD_HASHERS = [
'django.contrib.auth.hashers.PBKDF2PasswordHasher', # default
'sapl.hashers.ZopeSHA1PasswordHasher',
]

11
test_hashers.py

@ -0,0 +1,11 @@
from sapl.hashers import (ZopeSHA1PasswordHasher,
zope_encoded_password_to_django)
def test_zope_encoded_password_to_django():
password = 'saploper'
encoded = '{SSHA}Swzvwt/2lSJfA8KUOl6cRjkpmHLkLkmsKu28'
salt = '5C5JrCrtvA=='
migrated = zope_encoded_password_to_django(encoded)
encoded = ZopeSHA1PasswordHasher().encode(password, salt)
assert migrated == encoded
Loading…
Cancel
Save