Merge branch 'import_nk15' of gitlab.crans.org:bde/nk20 into import_nk15

2020-02-23 13:54:19 +01:00 · 2020-02-23 13:54:19 +01:00 · efe32e45bf
parent f47d803a2c 8feb2ec52a
commit efe32e45bf
2 changed files with 33 additions and 0 deletions
--- a/apps/member/hashers.py
+++ b/apps/member/hashers.py
@ -0,0 +1,27 @@
 # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 import hashlib
 from django.contrib.auth.hashers import PBKDF2PasswordHasher
 from django.utils.crypto import constant_time_compare
 class CustomNK15Hasher(PBKDF2PasswordHasher):
    """
    Permet d'importer les mots de passe depuis la Note KFet 2015.
    Si un hash de mot de passe est de la forme :
    `custom_nk15$<NB>$<ENCODED>`
    où <NB> est un entier quelconque (symbolisant normalement un nombre d'itérations)
    et <ENCODED> le hash du mot de passe dans la Note Kfet 2015,
    alors ce hasher va vérifier le mot de passe.
    N'ayant pas la priorité (cf note_kfet/settings/base.py), le mot de passe sera
    converti automatiquement avec l'algorithme PBKDF2.
    """
    algorithm = "custom_nk15"
    def verify(self, password, encoded):
        if '|' in encoded:
            salt, db_hashed_pass = encoded.split('$')[2].split('|')
            return constant_time_compare(hashlib.sha256((salt + password).encode("utf-8")).hexdigest(), db_hashed_pass)
        return super().verify(password, encoded)
--- a/note_kfet/settings/base.py
+++ b/note_kfet/settings/base.py
@ -117,6 +117,12 @@ AUTH_PASSWORD_VALIDATORS = [
    },
 ]
 # Use our custom hasher in order to import NK15 passwords
 PASSWORD_HASHERS = [
    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
    'member.hashers.CustomNK15Hasher',
 ]
 # Django Guardian object permissions
 AUTHENTICATION_BACKENDS = (