Making compatible with deprecation of crypt module in python

paramecio2/libraries/db/extrafields/passwordfield.py

@@ -20,7 +20,13 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.
 from paramecio2.libraries.db.corefields import PhangoField
 from paramecio2.libraries.db.coreforms import PasswordForm
 from hmac import compare_digest as compare_hash
-import crypt
+#try:
+#    import crypt
+#except:
+#    pass
+
+#import bcrypt
+from argon2 import PasswordHasher
 
 class PasswordField(PhangoField):
     """Field for check and save passwords"""
@@ -63,7 +69,10 @@ class PasswordField(PhangoField):
             
             #salt=crypt.mksalt(crypt.METHOD_SHA512)
             if self.encrypt_password:
-                value=crypt.crypt(value)
+                #value=crypt.crypt(value)
+                ph=PasswordHasher()
+                final_value=ph.hash(value)
+                return final_value
 
             """
             else:
@@ -79,7 +88,12 @@ class PasswordField(PhangoField):
     def verify( password, h):
         """Static method used for verify a password save using PasswordField"""
         #return bcrypt_sha256.verify(password, h)
-        return compare_hash(h, crypt.crypt(password, h))
+        #return compare_hash(h, crypt.crypt(password, h))
+        ph=PasswordHasher()
+        try:
+            return ph.verify(h, password)
+        except:
+            return False
 
 # Old function bcrypt
 

paramecio2/modules/admin/app.py

@@ -15,6 +15,13 @@ from os import path
 from paramecio2.modules.admin import admin_app, t
 from paramecio2.libraries.sendmail import SendMail
 from paramecio2.libraries.formsutils import check_csrf
+from hmac import compare_digest as compare_hash
+
+try:
+    import crypt
+    crypt_pass=True
+except:
+    crypt_pass=False
 #import gettext
 
 #_=pgettext(__file__)
@@ -190,6 +197,7 @@ def logout():
 def login():
     
     #connection=WebModel.connection()
+    new_crypt=False
     
     user_admin=UserAdmin(g.connection)
 
@@ -218,7 +226,21 @@ def login():
         
         if arr_user and not check_login_tries():
             
-            if user_admin.fields['password'].verify(password, arr_user['password']):
+            # Layer compatibility with old crypt password
+            
+            check_pass=user_admin.fields['password'].verify(password, arr_user['password'])
+            
+            if not check_pass:
+                #check_pass=password_ok(password, arr_user['password'])
+                try:
+                    check_pass=compare_hash(arr_user['password'], crypt.crypt(password, arr_user['password']))
+                    new_crypt=True
+                except:
+                    print('Warning: python developers deleting unix crypt module support, you cannot use sha512 passwords.')
+                    check_pass=False
+                    pass
+            
+            if check_pass:
                 
                 if not arr_user['disabled']:
 
@@ -275,6 +297,13 @@ def login():
                     
                     if len(arr_update)>0:
                         
+                        if new_crypt:
+                            print('Changing password for %s to argon2' % arr_user['username'])
+                            
+                            user_admin.fields['password'].protected=False
+                            
+                            arr_update['password']=password
+                            
                         user_admin.set_conditions('WHERE id=%s', [arr_user['id']]).update(arr_update)
                     
                     return resp