diff --git a/re2o/login.py b/re2o/login.py
new file mode 100644
index 00000000..566f2873
--- /dev/null
+++ b/re2o/login.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# Module d'authentification
+# David Sinquin, Gabriel Détraz, Goulven Kermarec
+
+import hashlib, binascii
+import os
+from base64 import urlsafe_b64encode as encode
+from base64 import urlsafe_b64decode as decode
+
+def makeSecret(password):
+    salt = os.urandom(4)
+    h = hashlib.sha1(password.encode())
+    h.update(salt)
+    return "{SSHA}" + encode(h.digest() + salt).decode()
+
+def hashNT(password):
+    hash = hashlib.new('md4', password.encode()).digest()
+    return binascii.hexlify(hash)
+
+def checkPassword(challenge_password, password):
+    challenge_bytes = decode(challenge_password[6:])
+    digest = challenge_bytes[:20]
+    salt = challenge_bytes[20:]
+    hr = hashlib.sha1(password.encode())
+    hr.update(salt)
+    valid_password = True
+    # La comparaison est volontairement en temps constant (pour éviter les timing-attacks)
+    for i, j in zip(digest, hr.digest()):
+        valid_password &= i == j
+    return valid_password
diff --git a/users/forms.py b/users/forms.py
index f748e896..13a4d363 100644
--- a/users/forms.py
+++ b/users/forms.py
@@ -5,4 +5,5 @@ from django import forms
 class PassForm(forms.Form):
-    passwd = forms.CharField(label=u'Nouveau mot de passe', max_length=255, widget=forms.PasswordInput)
+    passwd1 = forms.CharField(label=u'Nouveau mot de passe', max_length=255, widget=forms.PasswordInput)
+    passwd2 = forms.CharField(label=u'Saisir à nouveau le mot de passe', max_length=255, widget=forms.PasswordInput)
diff --git a/users/views.py b/users/views.py
index 5b9fe2ad..1136c437 100644
--- a/users/views.py
+++ b/users/views.py
@@ -10,6 +10,8 @@ from django.contrib import messages
 from users.models import User, UserForm, InfoForm, PasswordForm, StateForm
 from users.forms import PassForm
+from re2o.login import makeSecret, hashNT
+
 def form(ctx, template, request):
     c = ctx
     c.update(csrf(request))
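Review bot: In checkPassword the `zip(digest, hr.digest())` loop stops at the shorter operand, so a stored value whose decoded digest is empty or shorter than 20 bytes compares as valid against any password, and a Python-level `&=` loop is not the constant-time comparison the comment promises; replace the flag and loop with `return hmac.compare_digest(digest, hr.digest())` (plus `import hmac`), which also rejects length mismatches, and check that `challenge_password` actually starts with `{SSHA}` before slicing six characters off it. hashNT feeds MD4 the UTF-8 bytes of the password, but an NT hash is MD4 over its UTF-16LE encoding, so the stored value will never match what NTLM/MSCHAP clients compute; `password.encode('utf-16le')` is the needed change, and `hashlib.new('md4')` only works where the underlying OpenSSL build still exposes MD4 — worth a comment. `binascii.hexlify` returns bytes on Python 3 whereas makeSecret returns str via `.decode()`; add `.decode()` to hashNT's return so both hashes reach the model as text, and rename the local `hash`, which shadows the builtin. SHA-1-based SSHA is presumably kept for LDAP compatibility; if so, say so in the module header.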
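Review bot: PassForm gains a confirmation field but no `clean()` comparing the two, so `is_valid()` still returns True for mismatched passwords and every consumer of the form has to repeat the check by hand (the views.py hunk in this commit does exactly that); a form-level clean keeps the rule with the form and attaches the error to the form itself. Neither field sets `min_length`, so `max_length=255` is the only constraint on what gets hashed — decide on a minimum explicitly. Below is the clean() I would add to the class.
```python
class PassForm(forms.Form):
    # … unchanged: passwd1 / passwd2 fields …

    def clean(self):
        cleaned = super(PassForm, self).clean()
        if cleaned.get('passwd1') != cleaned.get('passwd2'):
            raise forms.ValidationError(u"Les deux mots de passe diffèrent")
        return cleaned
```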
@@ -55,7 +57,13 @@ def password(request, userid):
         return redirect("/users/")
     user_form = PassForm(request.POST or None)
     if user_form.is_valid():
-        user.pwd_ssha = user_form.cleaned_data['passwd']
-        user.pwd_ntlm = user_form.cleaned_data['passwd']
+        if user_form.cleaned_data['passwd1'] != user_form.cleaned_data['passwd2']:
+            messages.error(request, u"Les 2 mots de passe différent" )
+            return form({'userform': user_form}, 'users/user.html', request)
+        user.pwd_ssha = makeSecret(user_form.cleaned_data['passwd1'])
+        user.pwd_ntlm = hashNT(user_form.cleaned_data['passwd1'])
         user.save()
     return form({'userform': user_form}, 'users/user.html', request)
+
+def index(request):
+    return render(request, 'users/index.html')
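Review bot: The mismatch check runs after `is_valid()` has already returned True, so the error is delivered through `messages` rather than the form's own errors and the view re-renders a form that still reports itself valid; the comparison belongs in a `clean()` on PassForm raising `forms.ValidationError`, leaving this branch with only the two hash assignments and `user.save()`. Nothing here enforces a minimum length before the password is hashed and persisted, so a one-character password is accepted. The message `u"Les 2 mots de passe différent"` uses the adjective; the verb `diffèrent` is intended, and the stray space before `)` should go. The `password` function's opening and whatever access check precedes `return redirect("/users/")` are outside this hunk, and `render` used by the new `index` view is not imported in any hunk of this diff — confirm it is already in scope in views.py.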