paramecio/paramecio2fm
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Making compatible with deprecation of crypt module in python

Browse source
This commit is contained in:
absurdo 2024-01-24 00:31:20 +01:00
parent 3c9a0526b9
commit a30f242cc8
3 changed files with 48 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

20
paramecio2/libraries/db/extrafields/passwordfield.py
View file

@ -20,7 +20,13 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
from paramecio2.libraries.db.corefields import PhangoField from paramecio2.libraries.db.corefields import PhangoField
from paramecio2.libraries.db.coreforms import PasswordForm from paramecio2.libraries.db.coreforms import PasswordForm
from hmac import compare_digest as compare_hash from hmac import compare_digest as compare_hash
import crypt #try:
# import crypt
#except:
# pass
#import bcrypt
from argon2 import PasswordHasher
class PasswordField(PhangoField): class PasswordField(PhangoField):
"""Field for check and save passwords""" """Field for check and save passwords"""
@ -63,7 +69,10 @@ class PasswordField(PhangoField):
#salt=crypt.mksalt(crypt.METHOD_SHA512) #salt=crypt.mksalt(crypt.METHOD_SHA512)
if self.encrypt_password: if self.encrypt_password:
value=crypt.crypt(value) #value=crypt.crypt(value)
ph=PasswordHasher()
final_value=ph.hash(value)
return final_value
""" """
else: else:
@ -79,7 +88,12 @@ class PasswordField(PhangoField):
def verify( password, h): def verify( password, h):
"""Static method used for verify a password save using PasswordField""" """Static method used for verify a password save using PasswordField"""
#return bcrypt_sha256.verify(password, h) #return bcrypt_sha256.verify(password, h)
return compare_hash(h, crypt.crypt(password, h)) #return compare_hash(h, crypt.crypt(password, h))
ph=PasswordHasher()
try:
return ph.verify(h, password)
except:
return False
# Old function bcrypt # Old function bcrypt

31
paramecio2/modules/admin/app.py
View file

@ -15,6 +15,13 @@ from os import path
from paramecio2.modules.admin import admin_app, t from paramecio2.modules.admin import admin_app, t
from paramecio2.libraries.sendmail import SendMail from paramecio2.libraries.sendmail import SendMail
from paramecio2.libraries.formsutils import check_csrf from paramecio2.libraries.formsutils import check_csrf
from hmac import compare_digest as compare_hash
try:
import crypt
crypt_pass=True
except:
crypt_pass=False
#import gettext #import gettext
#_=pgettext(__file__) #_=pgettext(__file__)
@ -190,6 +197,7 @@ def logout():
def login(): def login():
#connection=WebModel.connection() #connection=WebModel.connection()
new_crypt=False
user_admin=UserAdmin(g.connection) user_admin=UserAdmin(g.connection)
@ -218,7 +226,21 @@ def login():
if arr_user and not check_login_tries(): if arr_user and not check_login_tries():
if user_admin.fields['password'].verify(password, arr_user['password']): # Layer compatibility with old crypt password
check_pass=user_admin.fields['password'].verify(password, arr_user['password'])
if not check_pass:
#check_pass=password_ok(password, arr_user['password'])
try:
check_pass=compare_hash(arr_user['password'], crypt.crypt(password, arr_user['password']))
new_crypt=True
except:
print('Warning: python developers deleting unix crypt module support, you cannot use sha512 passwords.')
check_pass=False
pass
if check_pass:
if not arr_user['disabled']: if not arr_user['disabled']:
@ -275,6 +297,13 @@ def login():
if len(arr_update)>0: if len(arr_update)>0:
if new_crypt:
print('Changing password for %s to argon2' % arr_user['username'])
user_admin.fields['password'].protected=False
arr_update['password']=password
user_admin.set_conditions('WHERE id=%s', [arr_user['id']]).update(arr_update) user_admin.set_conditions('WHERE id=%s', [arr_user['id']]).update(arr_update)
return resp return resp

2
setup.py
View file

@ -21,7 +21,7 @@ setup(name='paramecio2',
url='https://git.cuchulu.com/paramecio/paramecio2fm/', url='https://git.cuchulu.com/paramecio/paramecio2fm/',
packages=['paramecio2'], packages=['paramecio2'],
include_package_data=True, include_package_data=True,
install_requires=['flask', 'pymysql', 'sqlalchemy', 'colorama', 'python-slugify', 'mako', 'pillow', 'arrow', 'bleach'], install_requires=['flask', 'pymysql', 'sqlalchemy', 'colorama', 'python-slugify', 'mako', 'pillow', 'arrow', 'bleach', 'argon2-cffi'],
entry_points={'console_scripts': [ entry_points={'console_scripts': [
'paramecio2 = paramecio2.console:start', 'paramecio2db = paramecio2.libraries.db.dbadmin:start', 'paramecio2lang = paramecio2.libraries.check_i18n:start', 'paramecio2 = paramecio2.console:start', 'paramecio2db = paramecio2.libraries.db.dbadmin:start', 'paramecio2lang = paramecio2.libraries.check_i18n:start',
]}, ]},