0001-encrypt-user-credentials-9534.patch

Josué Kouka, 11 janvier 2016 13:00

Voir les différences: en ligne côte à côte

Subject: [PATCH] encrypt user credentials (#9534)

 debian/control              |  1 +
 mandayejs/mandaye/models.py | 51 +++++++++++++++++++++++++++++++++++++++++++--
 mandayejs/mandaye/utils.py  |  8 +++++++
 mandayejs/mandaye/views.py  |  1 +
 4 files changed, 59 insertions(+), 2 deletions(-)

debian/control
13	13	python-gadjo,
14	14	python-django-jsonfield,
15	15	python-ldap,
	16	python-crypto
16	17	Recommends: python-django-mellon
17	18	Description: Authentication Reverse Proxy
18	19

     # You should have received a copy of the GNU Affero General Public License
     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import base64
     from Crypto.Cipher import AES
     from django.db import models
     from jsonfield import JSONField
     from django.conf import settings
     from django.utils.translation import ugettext_lazy as _
     from jsonfield import JSONField
     from mandayejs.mandaye.utils import get_password_field
     class UserCredentials(models.Model):
         user = models.ForeignKey('auth.User')
-...
                 or self.user.email \
                 or self.user.username
         def to_login_info(self):
         def save(self, *args, **kwargs):
             self.encrypt()
             super(UserCredentials, self).save(*args, **kwargs)
         def _get_secret_key(self):
             """Return secret key under 32 characters
             """
             return settings.SECRET_KEY[0:-(len(settings.SECRET_KEY)-32)]
         def _get_cipher(self):
             """Return cipher object
             """
             return AES.new(self._get_secret_key(), AES.MODE_CFB, "0000000000000000")
         def encrypt(self,):
             """Encrypt password
             """
             password_field_name = get_password_field()
             cipher = self._get_cipher()
             self.locators[password_field_name] = \
                base64.b64encode(cipher.encrypt(
                    self.locators.get(password_field_name,'')
                 ))
             return self.locators
         def decrypt(self,):
             """Decrypt password
             """
             password_field_name = get_password_field()
             cipher = self._get_cipher()
             self.locators[password_field_name] = \
                 cipher.decrypt(
                     base64.b64decode(
                         self.locators.get(password_field_name,'')
                 ))
             return self.locators
         def to_login_info(self, decrypt=False):
             if decrypt:
                 self.decrypt()
             return {'#'+k : v for k,v in self.locators.items() }

         url = url._replace(netloc=settings.SITE_DOMAIN)
         return url.path
     def get_password_field():
         """Return name of the password field
         """
         try:
             field_name = [ field.get('name') for field in settings.SITE_LOCATORS if field.get('kind') == 'password' ]
             return field_name[0]
         except (IndexError,):
             return None

             'auth_checker': os.path.join(site_static_root, site_auth_checker)
+        }
         logger.debug(login_info)
         login_info['locators'] = [ credentials.to_login_info(decrypt=True)]
         result = exec_phantom(login_info)
         logger.debug(result)
+    -

Projet

Général

Profil

Produits Entr'ouvert » Mandaye

0001-encrypt-user-credentials-9534.patch