From e28b19b353de7eac781680dd0773faecc02a425c Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO
Date: Thu, 20 Feb 2020 10:26:00 +0100
Subject: [PATCH] Import NK15 passwords
---
apps/member/hashers.py | 27 +++++++++++++++++++++++++++
note_kfet/settings/base.py | 6 ++++++
2 files changed, 33 insertions(+)
create mode 100644 apps/member/hashers.py
diff --git a/apps/member/hashers.py b/apps/member/hashers.py
new file mode 100644
index 00000000..0c5d010b
--- /dev/null
+++ b/apps/member/hashers.py
@@ -0,0 +1,27 @@
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import hashlib
+
+from django.contrib.auth.hashers import PBKDF2PasswordHasher
+from django.utils.crypto import constant_time_compare
+
+
+class CustomNK15Hasher(PBKDF2PasswordHasher):
+ """
+ Permet d'importer les mots de passe depuis la Note KFet 2015.
+ Si un hash de mot de passe est de la forme :
+ `custom_nk15$$`
+ où est un entier quelconque (symbolisant normalement un nombre d'itérations)
+ et le hash du mot de passe dans la Note Kfet 2015,
+ alors ce hasher va vérifier le mot de passe.
+ N'ayant pas la priorité (cf note_kfet/settings/base.py), le mot de passe sera
+ converti automatiquement avec l'algorithme PBKDF2.
+ """
+ algorithm = "custom_nk15"
+
+ def verify(self, password, encoded):
+ if '|' in encoded:
+ salt, db_hashed_pass = encoded.split('$')[2].split('|')
+ return constant_time_compare(hashlib.sha256((salt + password).encode("utf-8")).hexdigest(), db_hashed_pass)
+ return super().verify(password, encoded)
diff --git a/note_kfet/settings/base.py b/note_kfet/settings/base.py
index e583d8a6..b147e5c2 100644
--- a/note_kfet/settings/base.py
+++ b/note_kfet/settings/base.py
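Review bot: In `verify` (apps/member/hashers.py), `salt, db_hashed_pass = encoded.split('$')[2].split('|')` unpacks into exactly two names, so an imported record whose third field holds more than one `|` raises ValueError during login instead of failing the check; `salt, _, db_hashed_pass = encoded.split('$')[2].partition('|')` returns False for such a record. The legacy format is a single salted SHA-256 round, and conversion to PBKDF2 happens only when the owner next logs in successfully, so dormant accounts keep the fast hash at rest for as long as they stay unused. It would be worth re-wrapping the imported digests with PBKDF2 during the import (Django's documentation on upgrading passwords without requiring a login describes the pattern), or at least stating this limitation in the class docstring.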
@@ -110,6 +110,12 @@ AUTH_PASSWORD_VALIDATORS = [ }, ] +# Use our custom hasher in order to import NK15 passwords +PASSWORD_HASHERS = [ + 'django.contrib.auth.hashers.PBKDF2PasswordHasher', + 'member.hashers.CustomNK15Hasher', +] + # Django Guardian object permissions AUTHENTICATION_BACKENDS = (