diff --git a/README.md b/README.md index 1db2c7d..c98f26c 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,8 @@ This command will install in your server paramecio framework with its dependenci When Paramecio finish the installing, you can create your first paramecio site with `paramecio` command. +> If you install passlib and bcrypt python modules, your paramecio install will use bcrypt algorithm for crypt system passwords. If not, use default system implementation hash algorithm (normally the more strong algorithm available). + ### Tipical errors If you get am error in your installation of any dependencies how MarkupSafe or SqlAlchemy, please install gcc or install manually mako and sqlalchemy with your package manager. For example for debian and ubuntu: diff --git a/paramecio/cromosoma/extrafields/passwordfield.py b/paramecio/cromosoma/extrafields/passwordfield.py index 6f32595..580debe 100644 --- a/paramecio/cromosoma/extrafields/passwordfield.py +++ b/paramecio/cromosoma/extrafields/passwordfield.py 
@@ -1,63 +1,121 @@ from paramecio.cromosoma.corefields import PhangoField from paramecio.cromosoma.coreforms import PasswordForm from hmac import compare_digest as compare_hash -#from passlib.hash import bcrypt -#from passlib.hash import bcrypt_sha256 -import crypt -class PasswordField(PhangoField): - - def __init__(self, name, size=1024, required=False): +try: + + from passlib.hash import bcrypt + from passlib.hash import bcrypt_sha256 + + class PasswordField(PhangoField): - super(PasswordField, self).__init__(name, size, required) - self.protected=True - self.name_form=PasswordForm - self.default_value='' - - def check(self, value): - - self.txt_error='' - self.error=False - - value.strip() - - if value=='': + def __init__(self, name, size=1024, required=False): - if self.model!=None: + super(PasswordField, self).__init__(name, size, required) + self.protected=True + self.name_form=PasswordForm + self.default_value='' + + def check(self, value): - if self.model.updated==True: - self.required=False - self.check_blank=True - return "" + self.txt_error='' + self.error=False + + value.strip() + + if value=='': + + if self.model!=None: + + if self.model.updated==True: + self.required=False + self.check_blank=True + return "" + else: + + self.txt_error="The field is empty" + self.error=True + else: - self.txt_error="The field is empty" self.error=True - - else: - self.txt_error="The field is empty" - self.error=True - - else: - - #if crypt.METHOD_SHA512 in crypt.methods: - - #salt=crypt.mksalt(crypt.METHOD_SHA512) - value=crypt.crypt(value) - - """ + else: - self.txt_error="You need the SHA512 method" - self.error=True - return "" - """ + #if crypt.METHOD_SHA512 in crypt.methods: + + value = bcrypt_sha256.encrypt(value) + + """ + else: + + self.txt_error="You need the SHA512 method" + self.error=True + return "" + """ + + return value - return value + @staticmethod + def verify( password, h): + + return bcrypt_sha256.verify(password, h) - @staticmethod - def verify( 
password, h): - #return bcrypt_sha256.verify(password, h) - return compare_hash(h, crypt.crypt(password, h)) +except: + import crypt + class PasswordField(PhangoField): + + def __init__(self, name, size=1024, required=False): + + super(PasswordField, self).__init__(name, size, required) + self.protected=True + self.name_form=PasswordForm + self.default_value='' + + def check(self, value): + + self.txt_error='' + self.error=False + + value.strip() + + if value=='': + + if self.model!=None: + + if self.model.updated==True: + self.required=False + self.check_blank=True + return "" + else: + + self.txt_error="The field is empty" + self.error=True + + else: + self.txt_error="The field is empty" + self.error=True + + else: + + #if crypt.METHOD_SHA512 in crypt.methods: + + #salt=crypt.mksalt(crypt.METHOD_SHA512) + value=crypt.crypt(value) + + """ + else: + + self.txt_error="You need the SHA512 method" + self.error=True + return "" + """ + + return value + + @staticmethod + def verify( password, h): + #return bcrypt_sha256.verify(password, h) + return compare_hash(h, crypt.crypt(password, h)) diff --git a/setup.py b/setup.py index 3cae524..ee4a817 100644 --- a/setup.py +++ b/setup.py @@ -10,6 +10,7 @@ if sys.version_info < (3, 3): #import paramecio # Pillow should be installed after if you need ImageField +# If you install passlib and bcrypt, the password system will use bcrypt by default, if not, will use native crypt libc setup(name='paramecio', version='0.1.2',
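Review bot: `verify` in the passlib branch passes whatever hash is stored to `bcrypt_sha256.verify(password, h)`, so accounts whose hashes were written by `crypt.crypt` before passlib was installed will stop authenticating, and the fallback branch has the reverse problem with bcrypt hashes. The bare `except:` around the whole class definition also turns any error, not only a missing module, into a silent switch to the crypt backend; it should be `except ImportError:` around the import alone. As far as I know, passlib resolves the bcrypt backend on first use rather than at import, so passlib without bcrypt would pass the `try` and then fail inside `check`; this is worth confirming. Keeping a single class that picks the hasher per call, with `verify` dispatching on the stored hash format, fixes this and removes the duplicated class body.

```python
import crypt

try:
    from passlib.hash import bcrypt_sha256
except ImportError:
    # passlib not installed: hash with the system crypt() only
    bcrypt_sha256 = None

class PasswordField(PhangoField):

    # … unchanged: __init__ …

    def check(self, value):
        # … unchanged: empty-value handling …
        else:
            if bcrypt_sha256 is not None:
                value = bcrypt_sha256.encrypt(value)
            else:
                value = crypt.crypt(value)

        return value

    @staticmethod
    def verify(password, h):
        # Pick the verifier from the stored hash, not from what is installed today.
        if bcrypt_sha256 is not None and bcrypt_sha256.identify(h):
            return bcrypt_sha256.verify(password, h)
        return compare_hash(h, crypt.crypt(password, h))
```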