Skip to content
Commits on Source (2)
Hide whitespace changes
Inline Side-by-side
views/login/__init__.py
View file @ f7ddb9cb
...@@ -202,6 +202,19 @@ def do_login(): ...@@ -202,6 +202,19 @@ def do_login():
session[ "user_id" ] = user[ "id" ] session[ "user_id" ] = user[ "id" ]
session[ "password_check" ] = True session[ "password_check" ] = True
# Check for outdated password and update it in the database if needed
_, _, salt, iterations, _ = user[ "password" ].split( "$" )
if iterations != config.PASSWORD_NB_ITERATIONS or salt.len() != config.PASSWORD_SALT_LENGTH:
new_password = utils.hash.pbkdf2(
form_password,
utils.rand.random_data( config.PASSWORD_SALT_LENGTH ),
config.PASSWORD_NB_ITERATIONS
).hash()
config.db.query( "UPDATE users SET password = %s WHERE id = %s", ( new_password, user[ "id" ] ) )
config.db.commit()
#
current_app.logger.info( "User '{}' checked by password".format( user[ "username" ] ) ) current_app.logger.info( "User '{}' checked by password".format( user[ "username" ] ) )
session[ "need_to_check" ].remove( current_check ) session[ "need_to_check" ].remove( current_check )
...@@ -808,7 +821,7 @@ def password_reset_stage2( user_id ): ...@@ -808,7 +821,7 @@ def password_reset_stage2( user_id ):
userid = data.get( "user_id", None ) userid = data.get( "user_id", None )
if password != None: if password != None:
password = utils.hash.pbkdf2( password, utils.rand.random_data( config.EMAIL_SALT_LENGTH ), config.EMAIL_NB_ITERATIONS ).hash() password = utils.hash.pbkdf2( password, utils.rand.random_data( config.PASSWORD_SALT_LENGTH ), config.PASSWORD_NB_ITERATIONS ).hash()
config.db.query( "UPDATE users SET password = %s WHERE id = %s", ( password, userid ) ) config.db.query( "UPDATE users SET password = %s WHERE id = %s", ( password, userid ) )
config.db.commit() config.db.commit()
......
views/newuser/__init__.py
View file @ f7ddb9cb
...@@ -398,7 +398,7 @@ def do_config_new_user(): ...@@ -398,7 +398,7 @@ def do_config_new_user():
current_app.logger.debug( "Storing the new password to the databse" ) current_app.logger.debug( "Storing the new password to the databse" )
password = utils.hash.pbkdf2( password, utils.rand.random_data( config.EMAIL_SALT_LENGTH ), config.PASSWORD_NB_ITERATIONS ).hash() password = utils.hash.pbkdf2( password, utils.rand.random_data( config.PASSWORD_SALT_LENGTH ), config.PASSWORD_NB_ITERATIONS ).hash()
config.db.query( "UPDATE users SET password = %s WHERE username = %s", ( password, username, ) ) config.db.query( "UPDATE users SET password = %s WHERE username = %s", ( password, username, ) )
config.db.commit() config.db.commit()
......