[FIX]auth_crypt: check_credentials checking if there is a password stored, if not, not trying to crypt anything and raise
bzr revid: dle@openerp.com-20130801151539-z0bes7ylx5qwa8tw
This commit is contained in:
parent
5895b17ca1
commit
f551350b80
|
@ -143,7 +143,7 @@ class res_users(osv.osv):
|
|||
cr.execute('SELECT password, password_crypt FROM res_users WHERE id=%s AND active', (uid,))
|
||||
if cr.rowcount:
|
||||
stored_password, stored_password_crypt = cr.fetchone()
|
||||
if password and not stored_password_crypt:
|
||||
if stored_password and not stored_password_crypt:
|
||||
salt = gen_salt()
|
||||
stored_password_crypt = md5crypt(stored_password, salt)
|
||||
cr.execute("UPDATE res_users SET password='', password_crypt=%s WHERE id=%s", (stored_password_crypt, uid))
|
||||
|
@ -151,6 +151,7 @@ class res_users(osv.osv):
|
|||
return super(res_users, self).check_credentials(cr, uid, password)
|
||||
except openerp.exceptions.AccessDenied:
|
||||
# check md5crypt
|
||||
if stored_password_crypt:
|
||||
if stored_password_crypt[:len(magic_md5)] == magic_md5:
|
||||
salt = stored_password_crypt[len(magic_md5):11]
|
||||
if stored_password_crypt == md5crypt(password, salt):
|
||||
|
|
Loading…
Reference in New Issue