mirror of
https://gitlab.crans.org/bde/nk20
synced 2024-12-23 16:02:25 +00:00
a6b479db19
- /apps/activity/api/serializers.py - /apps/activity/api/urls.py - /apps/activity/api/views.py - /apps/activity/tests/test_activities.py - /apps/activity/__init__.py - /apps/activity/admin.py - /apps/activity/apps.py - /apps/activity/forms.py - /apps/activity/tables.py - /apps/activity/urls.py - /apps/activity/views.py - /apps/api/__init__.py - /apps/api/apps.py - /apps/api/serializers.py - /apps/api/tests.py - /apps/api/urls.py - /apps/api/views.py - /apps/api/viewsets.py - /apps/logs/signals.py - /apps/logs/apps.py - /apps/logs/__init__.py - /apps/logs/api/serializers.py - /apps/logs/api/urls.py - /apps/logs/api/views.py - /apps/member/api/serializers.py - /apps/member/api/urls.py - /apps/member/api/views.py - /apps/member/templatetags/memberinfo.py - /apps/member/__init__.py - /apps/member/admin.py - /apps/member/apps.py - /apps/member/auth.py - /apps/member/forms.py - /apps/member/hashers.py - /apps/member/signals.py - /apps/member/tables.py - /apps/member/urls.py - /apps/member/views.py - /apps/note/api/serializers.py - /apps/note/api/urls.py - /apps/note/api/views.py - /apps/note/models/__init__.py - /apps/note/static/note/js/consos.js - /apps/note/templates/note/mails/negative_balance.txt - /apps/note/templatetags/getenv.py - /apps/note/templatetags/pretty_money.py - /apps/note/tests/test_transactions.py - /apps/note/__init__.py - /apps/note/admin.py - /apps/note/apps.py - /apps/note/forms.py - /apps/note/signals.py - /apps/note/tables.py - /apps/note/urls.py - /apps/note/views.py - /apps/permission/api/serializers.py - /apps/permission/api/urls.py - /apps/permission/api/views.py - /apps/permission/templatetags/perms.py - /apps/permission/tests/test_oauth2.py - /apps/permission/tests/test_permission_denied.py - /apps/permission/tests/test_permission_queries.py - /apps/permission/tests/test_rights_page.py - /apps/permission/__init__.py - /apps/permission/admin.py - /apps/permission/backends.py - /apps/permission/apps.py - /apps/permission/decorators.py - /apps/permission/permissions.py - /apps/permission/scopes.py - /apps/permission/signals.py - /apps/permission/tables.py - /apps/permission/urls.py - /apps/permission/views.py - /apps/registration/tests/test_registration.py - /apps/registration/__init__.py - /apps/registration/apps.py - /apps/registration/forms.py - /apps/registration/tables.py - /apps/registration/tokens.py - /apps/registration/urls.py - /apps/registration/views.py - /apps/treasury/api/serializers.py - /apps/treasury/api/urls.py - /apps/treasury/api/views.py - /apps/treasury/templatetags/escape_tex.py - /apps/treasury/tests/test_treasury.py - /apps/treasury/__init__.py - /apps/treasury/admin.py - /apps/treasury/apps.py - /apps/treasury/forms.py - /apps/treasury/signals.py - /apps/treasury/tables.py - /apps/treasury/urls.py - /apps/treasury/views.py - /apps/wei/api/serializers.py - /apps/wei/api/urls.py - /apps/wei/api/views.py - /apps/wei/forms/surveys/__init__.py - /apps/wei/forms/surveys/base.py - /apps/wei/forms/surveys/wei2021.py - /apps/wei/forms/surveys/wei2022.py - /apps/wei/forms/surveys/wei2023.py - /apps/wei/forms/__init__.py - /apps/wei/forms/registration.py - /apps/wei/management/commands/export_wei_registrations.py - /apps/wei/management/commands/import_scores.py - /apps/wei/management/commands/wei_algorithm.py - /apps/wei/templates/wei/weilist_sample.tex - /apps/wei/tests/test_wei_algorithm_2021.py - /apps/wei/tests/test_wei_algorithm_2022.py - /apps/wei/tests/test_wei_algorithm_2023.py - /apps/wei/tests/test_wei_registration.py - /apps/wei/__init__.py - /apps/wei/admin.py - /apps/wei/apps.py - /apps/wei/tables.py - /apps/wei/urls.py - /apps/wei/views.py - /note_kfet/settings/__init__.py - /note_kfet/settings/base.py - /note_kfet/settings/development.py - /note_kfet/settings/secrets_example.py - /note_kfet/static/js/base.js - /note_kfet/admin.py - /note_kfet/inputs.py - /note_kfet/middlewares.py - /note_kfet/urls.py - /note_kfet/views.py - /note_kfet/wsgi.py - /entrypoint.sh
82 lines
3.3 KiB
Python
82 lines
3.3 KiB
Python
# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
import hashlib
|
|
from collections import OrderedDict
|
|
|
|
from django.conf import settings
|
|
from django.contrib.auth.hashers import PBKDF2PasswordHasher, mask_hash
|
|
from django.utils.crypto import constant_time_compare
|
|
from django.utils.translation import gettext_lazy as _
|
|
from note_kfet.middlewares import get_current_request
|
|
|
|
|
|
class CustomNK15Hasher(PBKDF2PasswordHasher):
|
|
"""
|
|
Permet d'importer les mots de passe depuis la Note KFet 2015.
|
|
Si un hash de mot de passe est de la forme :
|
|
`custom_nk15$<NB>$<ENCODED>`
|
|
où <NB> est un entier quelconque (symbolisant normalement un nombre d'itérations)
|
|
et <ENCODED> le hash du mot de passe dans la Note Kfet 2015,
|
|
alors ce hasher va vérifier le mot de passe.
|
|
N'ayant pas la priorité (cf note_kfet/settings/base.py), le mot de passe sera
|
|
converti automatiquement avec l'algorithme PBKDF2.
|
|
"""
|
|
algorithm = "custom_nk15"
|
|
|
|
def must_update(self, encoded):
|
|
if settings.DEBUG:
|
|
# Small hack to let superusers to impersonate people.
|
|
# Don't change their password.
|
|
request = get_current_request()
|
|
current_user = request.user
|
|
if current_user is not None and current_user.is_superuser:
|
|
return False
|
|
return True
|
|
|
|
def verify(self, password, encoded):
|
|
if settings.DEBUG:
|
|
# Small hack to let superusers to impersonate people.
|
|
# If a superuser is already connected, let him/her log in as another person.
|
|
request = get_current_request()
|
|
current_user = request.user
|
|
if current_user is not None and current_user.is_superuser\
|
|
and request.session.get("permission_mask", -1) >= 42:
|
|
return True
|
|
|
|
if '|' in encoded:
|
|
salt, db_hashed_pass = encoded.split('$')[2].split('|')
|
|
return constant_time_compare(hashlib.sha256((salt + password).encode("utf-8")).hexdigest(), db_hashed_pass)
|
|
return super().verify(password, encoded)
|
|
|
|
def safe_summary(self, encoded):
|
|
# Displayed information in Django Admin.
|
|
if '|' in encoded:
|
|
salt, db_hashed_pass = encoded.split('$')[2].split('|')
|
|
return OrderedDict([
|
|
(_('algorithm'), 'custom_nk15'),
|
|
(_('iterations'), '1'),
|
|
(_('salt'), mask_hash(salt)),
|
|
(_('hash'), mask_hash(db_hashed_pass)),
|
|
])
|
|
return super().safe_summary(encoded)
|
|
|
|
|
|
class DebugSuperuserBackdoor(PBKDF2PasswordHasher):
|
|
"""
|
|
In debug mode and during the beta, superusers can login into other accounts for tests.
|
|
"""
|
|
def must_update(self, encoded):
|
|
return False
|
|
|
|
def verify(self, password, encoded):
|
|
if settings.DEBUG:
|
|
# Small hack to let superusers to impersonate people.
|
|
# If a superuser is already connected, let him/her log in as another person.
|
|
request = get_current_request()
|
|
current_user = request.user
|
|
if current_user is not None and current_user.is_superuser\
|
|
and request.session.get("permission_mask", -1) >= 42:
|
|
return True
|
|
return super().verify(password, encoded)
|