[FIX]auth_crypt: check_credentials checking if there is a password stored, if not, not trying to crypt anything and raise

bzr revid: dle@openerp.com-20130801151539-z0bes7ylx5qwa8tw
Denis Ledoux 2013-08-01 17:15:39 +02:00
parent 5895b17ca1
commit f551350b80
1 changed files with 10 additions and 9 deletions


@ -143,7 +143,7 @@ class res_users(osv.osv):
cr.execute('SELECT password, password_crypt FROM res_users WHERE id=%s AND active', (uid,))
if cr.rowcount:
stored_password, stored_password_crypt = cr.fetchone()
if password and not stored_password_crypt:
if stored_password and not stored_password_crypt:
salt = gen_salt()
stored_password_crypt = md5crypt(stored_password, salt)
cr.execute("UPDATE res_users SET password='', password_crypt=%s WHERE id=%s", (stored_password_crypt, uid))
@ -151,14 +151,15 @@ class res_users(osv.osv):
return super(res_users, self).check_credentials(cr, uid, password)
except openerp.exceptions.AccessDenied:
# check md5crypt
if stored_password_crypt[:len(magic_md5)] == magic_md5:
salt = stored_password_crypt[len(magic_md5):11]
if stored_password_crypt == md5crypt(password, salt):
return
elif stored_password_crypt[:len(magic_md5)] == magic_sha256:
salt = stored_password_crypt[len(magic_md5):11]
if stored_password_crypt == md5crypt(password, salt):
return
if stored_password_crypt:
if stored_password_crypt[:len(magic_md5)] == magic_md5:
salt = stored_password_crypt[len(magic_md5):11]
if stored_password_crypt == md5crypt(password, salt):
return
elif stored_password_crypt[:len(magic_md5)] == magic_sha256:
salt = stored_password_crypt[len(magic_md5):11]
if stored_password_crypt == md5crypt(password, salt):
return
# Reraise password incorrect
raise
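Review bot: In the second hunk the `elif ... == magic_sha256:` branch still derives its salt with `len(magic_md5)` and verifies with `md5crypt(password, salt)`, so a stored hash carrying the SHA-256 prefix is compared against MD5-crypt output and presumably can never authenticate; the helpers and magic constants are defined outside the hunk, so confirm. That branch should test `stored_password_crypt[:len(magic_sha256)] == magic_sha256` and call the module's SHA-256 crypt routine, or be removed if that scheme is not supported. Both branches also compare hashes with `==`, which is not constant-time; `hmac.compare_digest(stored_password_crypt, md5crypt(password, salt))` avoids the timing difference where the runtime provides it. The body of check_credentials starts before the first hunk, so the surrounding `try` and the handling of the `cr.rowcount == 0` case are not visible here.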