[Checkins] SVN: PluggableAuthService/branches/1.4/ Backport fix for
http://www.zope.org/Collectors/Zope/1926 from trunk.
Tres Seaver
tseaver at palladion.com
Tue Dec 19 13:15:38 EST 2006
Log message for revision 71605:
Backport fix for http://www.zope.org/Collectors/Zope/1926 from trunk.
Changed:
U PluggableAuthService/branches/1.4/doc/CHANGES.txt
U PluggableAuthService/branches/1.4/plugins/ZODBUserManager.py
U PluggableAuthService/branches/1.4/plugins/tests/test_ZODBUserManager.py
U PluggableAuthService/branches/1.4/version.txt
-=-
Modified: PluggableAuthService/branches/1.4/doc/CHANGES.txt
===================================================================
--- PluggableAuthService/branches/1.4/doc/CHANGES.txt 2006-12-19 16:34:18 UTC (rev 71604)
+++ PluggableAuthService/branches/1.4/doc/CHANGES.txt 2006-12-19 18:15:37 UTC (rev 71605)
@@ -1,5 +1,13 @@
PluggableAuthService changelog
+ PluggableAuthService 1.4.1 (unreleased)
+
+ Bugs Fixed
+
+ - ZODBUserManager: Already encrypted passwords were encrypted again in
+ addUser and updateUserPassword (backported from trunk).
+ (http://www.zope.org/Collectors/Zope/1926)
+
PluggableAuthService 1.4 (2006/08/28)
Bugs Fixed
Modified: PluggableAuthService/branches/1.4/plugins/ZODBUserManager.py
===================================================================
--- PluggableAuthService/branches/1.4/plugins/ZODBUserManager.py 2006-12-19 16:34:18 UTC (rev 71604)
+++ PluggableAuthService/branches/1.4/plugins/ZODBUserManager.py 2006-12-19 18:15:37 UTC (rev 71605)
@@ -279,7 +279,7 @@
if self._login_to_userid.get( login_name ) is not None:
raise KeyError, 'Duplicate login name: %s' % login_name
- self._user_passwords[ user_id ] = AuthEncoding.pw_encrypt( password )
+ self._user_passwords[ user_id ] = self._pw_encrypt( password)
self._login_to_userid[ login_name ] = user_id
self._userid_to_login[ user_id ] = login_name
@@ -322,9 +322,19 @@
raise KeyError, 'Invalid user ID: %s' % user_id
if password:
- digested = AuthEncoding.pw_encrypt( password )
- self._user_passwords[ user_id ] = digested
+ self._user_passwords[ user_id ] = self._pw_encrypt( password )
+ security.declarePrivate( '_pw_encrypt' )
+ def _pw_encrypt( self, password ):
+ """Returns the AuthEncoding encrypted password
+
+ If 'password' is already encrypted, it is returned
+ as is and not encrypted again.
+ """
+ if AuthEncoding.is_encrypted( password ):
+ return password
+ return AuthEncoding.pw_encrypt( password )
+
#
# ZMI
#
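Review bot: `_pw_encrypt` returns its argument unchanged whenever `AuthEncoding.is_encrypted( password )` is true, so `updateUserPassword` here and `addUser` in the previous hunk now store a caller-supplied string verbatim as the password hash. If `is_encrypted` only looks for a known scheme prefix (not visible in this diff, so worth confirming), a plaintext password that happens to begin with such a prefix would be stored as-is and that user could not log in afterwards, and a pre-hashed value in a weak or unsalted scheme would be accepted without any check. The docstring should state the trust assumption, for example `Callers must only pass an already-encoded value from a trusted source (import or migration), never raw form input.` If form-driven callers reach these methods, a separate explicit entry point for pre-encoded values would keep the two cases apart. The body of `updateUserPassword` starts outside the hunk.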
Modified: PluggableAuthService/branches/1.4/plugins/tests/test_ZODBUserManager.py
===================================================================
--- PluggableAuthService/branches/1.4/plugins/tests/test_ZODBUserManager.py 2006-12-19 16:34:18 UTC (rev 71604)
+++ PluggableAuthService/branches/1.4/plugins/tests/test_ZODBUserManager.py 2006-12-19 18:15:37 UTC (rev 71605)
@@ -426,7 +426,83 @@
info = zum.enumerateUsers(id='special__luser', exact_match=True)
self.assertEqual(len(info), 0)
+ def test_addUser_with_not_yet_encrypted_password(self):
+ # See collector #1869 && #1926
+ from AccessControl.AuthEncoding import is_encrypted
+ USER_ID = 'not_yet_encrypted'
+ PASSWORD = 'password'
+
+ self.failIf(is_encrypted(PASSWORD))
+
+ zum = self._makeOne()
+ zum.addUser(USER_ID, USER_ID, PASSWORD)
+
+ uid_and_info = zum.authenticateCredentials(
+ { 'login': USER_ID
+ , 'password': PASSWORD
+ })
+
+ self.assertEqual(uid_and_info, (USER_ID, USER_ID))
+
+ def test_addUser_with_preencrypted_password(self):
+ # See collector #1869 && #1926
+ from AccessControl.AuthEncoding import pw_encrypt
+
+ USER_ID = 'already_encrypted'
+ PASSWORD = 'password'
+
+ ENCRYPTED = pw_encrypt(PASSWORD)
+
+ zum = self._makeOne()
+ zum.addUser(USER_ID, USER_ID, ENCRYPTED)
+
+ uid_and_info = zum.authenticateCredentials(
+ { 'login': USER_ID
+ , 'password': PASSWORD
+ })
+
+ self.assertEqual(uid_and_info, (USER_ID, USER_ID))
+
+ def test_updateUserPassword_with_not_yet_encrypted_password(self):
+ from AccessControl.AuthEncoding import is_encrypted
+
+ USER_ID = 'not_yet_encrypted'
+ PASSWORD = 'password'
+
+ self.failIf(is_encrypted(PASSWORD))
+
+ zum = self._makeOne()
+ zum.addUser(USER_ID, USER_ID, '')
+ zum.updateUserPassword(USER_ID, PASSWORD)
+
+ uid_and_info = zum.authenticateCredentials(
+ { 'login': USER_ID
+ , 'password': PASSWORD
+ })
+
+ self.assertEqual(uid_and_info, (USER_ID, USER_ID))
+
+ def test_updateUserPassword_with_preencrypted_password(self):
+ from AccessControl.AuthEncoding import pw_encrypt
+
+ USER_ID = 'already_encrypted'
+ PASSWORD = 'password'
+
+ ENCRYPTED = pw_encrypt(PASSWORD)
+
+ zum = self._makeOne()
+ zum.addUser(USER_ID, USER_ID, '')
+ zum.updateUserPassword(USER_ID, ENCRYPTED)
+
+ uid_and_info = zum.authenticateCredentials(
+ { 'login': USER_ID
+ , 'password': PASSWORD
+ })
+
+ self.assertEqual(uid_and_info, (USER_ID, USER_ID))
+
+
if __name__ == "__main__":
unittest.main()
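Review bot: The two `_with_preencrypted_password` tests only show that the clear-text password still authenticates; neither pins what was stored nor checks that the encoded string itself is rejected as a credential. Adding `self.assertEqual(zum._user_passwords[USER_ID], ENCRYPTED)` would verify that the value is kept unchanged. A negative check such as `self.failIf(zum.authenticateCredentials({'login': USER_ID, 'password': ENCRYPTED}))` would guard against the stored hash working as a password; this assumes a failed login returns a false value, which the hunk does not show. The two `updateUserPassword` tests also lack the `# See collector #1869 && #1926` comment that the `addUser` tests carry.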
Modified: PluggableAuthService/branches/1.4/version.txt
===================================================================
--- PluggableAuthService/branches/1.4/version.txt 2006-12-19 16:34:18 UTC (rev 71604)
+++ PluggableAuthService/branches/1.4/version.txt 2006-12-19 18:15:37 UTC (rev 71605)
@@ -1 +1 @@
-PluggableAuthService-1.4
+PluggableAuthService-1.4+