Switch to use simple hashed passwords instead of per-user salt

2025-12-13 22:32:15 +00:00 · 2010-06-15 15:01:50 +01:00
parent 1bfa7cb92f
commit dd69956a7c
3 changed files with 14 additions and 3 deletions
--- a/api/handlers.py
+++ b/api/handlers.py
@@ -56,6 +56,12 @@ class LoginHandler(BaseHandler):
            except User.DoesNotExist:
                return rc.NOT_HERE

-        d = { 'id': u.id, 'username': u.username, 'password': u.password, 'email': u.email, 'groups': u.groups.all() }
-        return d
+        d = { 'auth': 'ok', 'id': u.id, 'username': u.username,
+              'password': u.password, 'email': u.email, 'groups': u.groups.all(),
+              'characters': EVEPlayerCharacter.objects.filter(eveaccount__user=u) }
+
+        if request.GET['pass'] == user.password:
+            return d
+
+        return { 'auth': 'failed' }

--- a/settings.py
+++ b/settings.py
@@ -98,6 +98,11 @@ DISABLE_SERVICES = False
 # Services API generates a new password for the user
 GENERATE_SERVICE_PASSWORD = False

+AUTHENTICATION_BACKENDS = (
+    'sso.backends.SimpleHashModelBackend',
+)
+
+
 AUTH_PROFILE_MODULE = 'sso.SSOUser'
 LOGIN_REDIRECT_URL = "/profile"
 LOGIN_URL = "/login"
--- a/sso/backends.py
+++ b/sso/backends.py
@@ -12,7 +12,7 @@ class SimpleHashModelBackend(ModelBackend):
            return None

        if '$' in user.password:
-            if user.check_password(password)
+            if user.check_password(password):
                user.password = sha1(password).hexdigest()
                user.save()
                return user