comparison MoinMoin/user.py @ 6103:500f68d3e2fd

remove our own usage of python_compatibility module
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 06 Sep 2016 01:00:25 +0200
parents 1306560f158e
children 561b7a9c2bd9
comparison
equal deleted inserted replaced
6102:df21062e294d 6103:500f68d3e2fd
19 2010 Michael Foetsch <foetsch@yahoo.com> 19 2010 Michael Foetsch <foetsch@yahoo.com>
20 @license: GNU GPL, see COPYING for details. 20 @license: GNU GPL, see COPYING for details.
21 """ 21 """
22 22
23 import os, time, codecs, base64 23 import os, time, codecs, base64
24 import hashlib
25 import hmac
24 from copy import deepcopy 26 from copy import deepcopy
25 import md5crypt 27 import md5crypt
26 28
27 try: 29 try:
28 import crypt 30 import crypt
29 except ImportError: 31 except ImportError:
30 crypt = None 32 crypt = None
31 33
32 from MoinMoin import log 34 from MoinMoin import log
33 logging = log.getLogger(__name__) 35 logging = log.getLogger(__name__)
34
35 from MoinMoin.support.python_compatibility import hash_new, hmac_new
36 36
37 from MoinMoin import config, caching, wikiutil, i18n, events 37 from MoinMoin import config, caching, wikiutil, i18n, events
38 from werkzeug.security import safe_str_cmp as safe_str_equal 38 from werkzeug.security import safe_str_cmp as safe_str_equal
39 from MoinMoin.util import timefuncs, random_string 39 from MoinMoin.util import timefuncs, random_string
40 from MoinMoin.wikiutil import url_quote_plus 40 from MoinMoin.wikiutil import url_quote_plus
283 elif scheme == '{SSHA}': 283 elif scheme == '{SSHA}':
284 pwd = pwd.encode('utf-8') 284 pwd = pwd.encode('utf-8')
285 if salt is None: 285 if salt is None:
286 salt = random_string(20) 286 salt = random_string(20)
287 assert isinstance(salt, str) 287 assert isinstance(salt, str)
288 hash = hash_new('sha1', pwd) 288 hash = hashlib.new('sha1', pwd)
289 hash.update(salt) 289 hash.update(salt)
290 return '{SSHA}' + base64.encodestring(hash.digest() + salt).rstrip() 290 return '{SSHA}' + base64.encodestring(hash.digest() + salt).rstrip()
291 else: 291 else:
292 # should never happen as we check the value of cfg.password_scheme 292 # should never happen as we check the value of cfg.password_scheme
293 raise NotImplementedError 293 raise NotImplementedError
713 else: 713 else:
714 # a password hash to be checked by legacy, builtin code 714 # a password hash to be checked by legacy, builtin code
715 if scheme == '{SSHA}': 715 if scheme == '{SSHA}':
716 d = base64.decodestring(d) 716 d = base64.decodestring(d)
717 salt = d[20:] 717 salt = d[20:]
718 hash = hash_new('sha1', password.encode('utf-8')) 718 hash = hashlib.new('sha1', password.encode('utf-8'))
719 hash.update(salt) 719 hash.update(salt)
720 enc = base64.encodestring(hash.digest() + salt).rstrip() 720 enc = base64.encodestring(hash.digest() + salt).rstrip()
721 721
722 elif scheme == '{SHA}': 722 elif scheme == '{SHA}':
723 enc = base64.encodestring( 723 enc = base64.encodestring(
724 hash_new('sha1', password.encode('utf-8')).digest()).rstrip() 724 hashlib.new('sha1', password.encode('utf-8')).digest()).rstrip()
725 725
726 elif scheme == '{APR1}': 726 elif scheme == '{APR1}':
727 # d is of the form "$apr1$<salt>$<hash>" 727 # d is of the form "$apr1$<salt>$<hash>"
728 salt = d.split('$')[2] 728 salt = d.split('$')[2]
729 enc = md5crypt.apache_md5_crypt(password.encode('utf-8'), 729 enc = md5crypt.apache_md5_crypt(password.encode('utf-8'),
1258 return self.host() 1258 return self.host()
1259 1259
1260 def generate_recovery_token(self): 1260 def generate_recovery_token(self):
1261 key = random_string(64, "abcdefghijklmnopqrstuvwxyz0123456789") 1261 key = random_string(64, "abcdefghijklmnopqrstuvwxyz0123456789")
1262 msg = str(int(time.time())) 1262 msg = str(int(time.time()))
1263 h = hmac_new(key, msg).hexdigest() 1263 h = hmac.new(key, msg).hexdigest()
1264 self.recoverpass_key = key 1264 self.recoverpass_key = key
1265 self.save() 1265 self.save()
1266 return msg + '-' + h 1266 return msg + '-' + h
1267 1267
1268 def apply_recovery_token(self, tok, newpass): 1268 def apply_recovery_token(self, tok, newpass):
1276 lifetime = self._request.cfg.recovery_token_lifetime * 3600 1276 lifetime = self._request.cfg.recovery_token_lifetime * 3600
1277 if time.time() > stamp + lifetime: 1277 if time.time() > stamp + lifetime:
1278 return False 1278 return False
1279 # check hmac 1279 # check hmac
1280 # key must be of type string 1280 # key must be of type string
1281 h = hmac_new(str(self.recoverpass_key), str(stamp)).hexdigest() 1281 h = hmac.new(str(self.recoverpass_key), str(stamp)).hexdigest()
1282 if not safe_str_equal(h, parts[1]): 1282 if not safe_str_equal(h, parts[1]):
1283 return False 1283 return False
1284 self.recoverpass_key = "" 1284 self.recoverpass_key = ""
1285 self.enc_password = encodePassword(self._cfg, newpass) 1285 self.enc_password = encodePassword(self._cfg, newpass)
1286 self.save() 1286 self.save()