From f551350b8093816ed7ec456d786bb231ffec0460 Mon Sep 17 00:00:00 2001 From: Denis Ledoux Date: Thu, 1 Aug 2013 17:15:39 +0200 Subject: [PATCH] [FIX]auth_crypt: check_credentials checking if there is a password stored, if not, not trying to crypt anything and raise bzr revid: dle@openerp.com-20130801151539-z0bes7ylx5qwa8tw --- addons/auth_crypt/auth_crypt.py | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/addons/auth_crypt/auth_crypt.py b/addons/auth_crypt/auth_crypt.py index d0a4fda9632..08dd156a603 100644 --- a/addons/auth_crypt/auth_crypt.py +++ b/addons/auth_crypt/auth_crypt.py @@ -143,7 +143,7 @@ class res_users(osv.osv): cr.execute('SELECT password, password_crypt FROM res_users WHERE id=%s AND active', (uid,)) if cr.rowcount: stored_password, stored_password_crypt = cr.fetchone() - if password and not stored_password_crypt: + if stored_password and not stored_password_crypt: salt = gen_salt() stored_password_crypt = md5crypt(stored_password, salt) cr.execute("UPDATE res_users SET password='', password_crypt=%s WHERE id=%s", (stored_password_crypt, uid)) @@ -151,14 +151,15 @@ class res_users(osv.osv): return super(res_users, self).check_credentials(cr, uid, password) except openerp.exceptions.AccessDenied: # check md5crypt - if stored_password_crypt[:len(magic_md5)] == magic_md5: - salt = stored_password_crypt[len(magic_md5):11] - if stored_password_crypt == md5crypt(password, salt): - return - elif stored_password_crypt[:len(magic_md5)] == magic_sha256: - salt = stored_password_crypt[len(magic_md5):11] - if stored_password_crypt == md5crypt(password, salt): - return + if stored_password_crypt: + if stored_password_crypt[:len(magic_md5)] == magic_md5: + salt = stored_password_crypt[len(magic_md5):11] + if stored_password_crypt == md5crypt(password, salt): + return + elif stored_password_crypt[:len(magic_md5)] == magic_sha256: + salt = stored_password_crypt[len(magic_md5):11] + if stored_password_crypt == md5crypt(password, salt): + return # Reraise password incorrect raise