Switch to use simple hashed passwords instead of per-user salt

api/handlers.py

@@ -56,6 +56,12 @@ class LoginHandler(BaseHandler):
             except User.DoesNotExist:
                 return rc.NOT_HERE
 
-        d = { 'id': u.id, 'username': u.username, 'password': u.password, 'email': u.email, 'groups': u.groups.all() }
+        d = { 'auth': 'ok', 'id': u.id, 'username': u.username,
-        return d
+              'password': u.password, 'email': u.email, 'groups': u.groups.all(),
+              'characters': EVEPlayerCharacter.objects.filter(eveaccount__user=u) }
+
+        if request.GET['pass'] == user.password:
+            return d
+
+        return { 'auth': 'failed' }
 

settings.py

@@ -98,6 +98,11 @@ DISABLE_SERVICES = False
 # Services API generates a new password for the user
 GENERATE_SERVICE_PASSWORD = False
 
+AUTHENTICATION_BACKENDS = (
+    'sso.backends.SimpleHashModelBackend',
+)
+
+
 AUTH_PROFILE_MODULE = 'sso.SSOUser'
 LOGIN_REDIRECT_URL = "/profile"
 LOGIN_URL = "/login"

sso/backends.py

@@ -12,7 +12,7 @@ class SimpleHashModelBackend(ModelBackend):
             return None
 
         if '$' in user.password:
-            if user.check_password(password)
+            if user.check_password(password):
                 user.password = sha1(password).hexdigest()
                 user.save()
                 return user