From 382398a3515f5db12cb2eb5f48dc0c971658463c Mon Sep 17 00:00:00 2001
From: Charlie Jacomme <jacomme@crans.org>
Date: Fri, 10 Aug 2018 17:43:10 +0200
Subject: [PATCH] Produce newer hash upon login

---
 re2o/login.py    | 17 +++++++++++++++++
 re2o/settings.py |  3 +++
 2 files changed, 20 insertions(+)

diff --git a/re2o/login.py b/re2o/login.py
index 0bf9aed8..471c2e02 100644
--- a/re2o/login.py
+++ b/re2o/login.py
@@ -35,6 +35,7 @@ import os
 from base64 import encodestring, decodestring, b64encode, b64decode
 from collections import OrderedDict
 from django.contrib.auth import hashers
+from django.contrib.auth.backends import ModelBackend
 from hmac import compare_digest as constant_time_compare
 
 
@@ -226,3 +227,19 @@ class SSHAPasswordHasher(hashers.BasePasswordHasher):
         As we are not using multiple iterations the method is pretty useless
         """
         pass
+
+
+class RecryptBackend(ModelBackend):
+    def authenticate(self, username=None, password=None):
+        # we obtain from the classical auth backend the user
+        user = super(RecryptBackend, self).authenticate(username, password)
+        if user:
+            if not(user.pwd_ntlm):
+                # if we dont have NT hash, we create it
+                user.pwd_ntlm = hashNT(password)
+                user.save()
+            if not("SSHA" in user.password):
+                # if the hash is too old, we update it
+                user.password = makeSecret(password)
+                user.save()
+        return user
diff --git a/re2o/settings.py b/re2o/settings.py
index 8c5476f6..9dd52d1f 100644
--- a/re2o/settings.py
+++ b/re2o/settings.py
@@ -96,6 +96,9 @@ MIDDLEWARE_CLASSES = (
     'django.middleware.security.SecurityMiddleware',
     'reversion.middleware.RevisionMiddleware',
 )
+
+AUTHENTICATION_BACKENDS = ['re2o.login.RecryptBackend']
+
 # Include debug_toolbar middleware if activated
 if 'debug_toolbar' in INSTALLED_APPS:
     # Include this middleware at the beggining