Vue de modification du mdp
parent
5d81cbdd15
commit
8343478aea
3 changed files with 42 additions and 3 deletions
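--- a/re2o/login.py
+++ b/re2o/login.py
@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# Module d'authentification
+# David Sinquin, Gabriel Détraz, Goulven Kermarec
+
+import hashlib, binascii
+import os
+from base64 import urlsafe_b64encode as encode
+from base64 import urlsafe_b64decode as decode
+
+def makeSecret(password):
+salt = os.urandom(4)
+h = hashlib.sha1(password.encode())
+h.update(salt)
+return "{SSHA}" + encode(h.digest() + salt).decode()
+
+def hashNT(password):
+hash = hashlib.new('md4', password.encode()).digest()
+return binascii.hexlify(hash)
+
+def checkPassword(challenge_password, password):
+challenge_bytes = decode(challenge_password[6:])
+digest = challenge_bytes[:20]
+salt = challenge_bytes[20:]
+hr = hashlib.sha1(password.encode())
+hr.update(salt)
+valid_password = True
+# La comparaison est volontairement en temps constant (pour éviter les timing-attacks)
+for i, j in zip(digest, hr.digest()):
+valid_password &= i == j
+return valid_password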
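Review bot: In `checkPassword` the loop over `zip(digest, hr.digest())` stops at the shorter input, so a stored value that decodes to fewer than 20 bytes is only compared on those bytes, and one that decodes to nothing leaves `valid_password` at `True` for any password. Replacing the loop with `return hmac.compare_digest(digest, hr.digest())` (plus `import hmac`) keeps the constant-time property and fails on a length mismatch; the `{SSHA}` prefix skipped by `[6:]` should also be checked before decoding. In `hashNT`, NT hashes are MD4 over the UTF-16LE encoding of the password, while `password.encode()` yields UTF-8 on Python 3, so the line should read `hashlib.new('md4', password.encode('utf-16-le')).digest()`. `makeSecret` is a single SHA-1 pass with a 4-byte salt, which is cheap to brute-force if the stored values leak; if the format is imposed by the directory, a comment saying so and a longer salt would help.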
|
@ -5,4 +5,5 @@ from django import forms
|
||||||
|
|
||||||
|
|
||||||
class PassForm(forms.Form):
|
class PassForm(forms.Form):
|
||||||
passwd = forms.CharField(label=u'Nouveau mot de passe', max_length=255, widget=forms.PasswordInput)
|
passwd1 = forms.CharField(label=u'Nouveau mot de passe', max_length=255, widget=forms.PasswordInput)
|
||||||
|
passwd2 = forms.CharField(label=u'Saisir à nouveau le mot de passe', max_length=255, widget=forms.PasswordInput)
|
||||||
|
|
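Review bot: `PassForm` now has `passwd1` and `passwd2` but nothing in the form ties them together, so `is_valid()` returns true for mismatched entries and every caller has to remember the comparison (the `password` view does it by hand). Moving the check into a `clean()` method keeps the rule with the form and lets the error render with the form's own errors. The proposed method is below; the message text is only a suggestion.

```python
class PassForm(forms.Form):
    # … unchanged: passwd1 and passwd2 fields …

    def clean(self):
        cleaned_data = super(PassForm, self).clean()
        if cleaned_data.get('passwd1') != cleaned_data.get('passwd2'):
            raise forms.ValidationError(u"Les deux mots de passe diffèrent")
        return cleaned_data
```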
|
@ -10,6 +10,8 @@ from django.contrib import messages
|
||||||
from users.models import User, UserForm, InfoForm, PasswordForm, StateForm
|
from users.models import User, UserForm, InfoForm, PasswordForm, StateForm
|
||||||
from users.forms import PassForm
|
from users.forms import PassForm
|
||||||
|
|
||||||
|
from re2o.login import makeSecret, hashNT
|
||||||
|
|
||||||
def form(ctx, template, request):
|
def form(ctx, template, request):
|
||||||
c = ctx
|
c = ctx
|
||||||
c.update(csrf(request))
|
c.update(csrf(request))
|
||||||
|
@ -55,7 +57,13 @@ def password(request, userid):
|
||||||
return redirect("/users/")
|
return redirect("/users/")
|
||||||
user_form = PassForm(request.POST or None)
|
user_form = PassForm(request.POST or None)
|
||||||
if user_form.is_valid():
|
if user_form.is_valid():
|
||||||
user.pwd_ssha = user_form.cleaned_data['passwd']
|
if user_form.cleaned_data['passwd1'] != user_form.cleaned_data['passwd2']:
|
||||||
user.pwd_ntlm = user_form.cleaned_data['passwd']
|
messages.error(request, u"Les 2 mots de passe différent" )
|
||||||
|
return form({'userform': user_form}, 'users/user.html', request)
|
||||||
|
user.pwd_ssha = makeSecret(user_form.cleaned_data['passwd1'])
|
||||||
|
user.pwd_ntlm = hashNT(user_form.cleaned_data['passwd1'])
|
||||||
user.save()
|
user.save()
|
||||||
return form({'userform': user_form}, 'users/user.html', request)
|
return form({'userform': user_form}, 'users/user.html', request)
|
||||||
|
|
||||||
|
def index(request):
|
||||||
|
return render(request, 'users/index.html')
|
||||||
|
|
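Review bot: The visible part of `password` sets a new password for whichever `userid` the URL names without asking for the current one, and nothing in the hunk ties `userid` to the requester. The function starts above the hunk, so if no login or permission check happens there or in a decorator, one is needed before `user.save()`. On success the view re-renders the bound form with no feedback; a `messages.success(...)` followed by a `redirect(...)` would confirm the change and avoid a resubmission on reload. The new `index` view would also benefit from a one-line docstring.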