Commits

Author Commit Message Labels Comments Date
Richard Jones
fix for command-line password reset handler
Richard Jones
force HTTPS in the link sent for password reset
Richard Jones
we're not migrating through bcrypt_sha1 so don't need it
Richard Jones
tweaks to email content; add more password rules
Richard Jones
note password info in edit page
Richard Jones
fix
Richard Jones
note further work
Richard Jones
actually this does not work :-(
Richard Jones
ugh
Richard Jones
ugh
Richard Jones
extra
Richard Jones
fixes
Richard Jones
fix
Richard Jones
add pw reset mailout tool
Richard Jones
fixes
Richard Jones
fixes
Richard Jones
fixes
Richard Jones
fixes
Richard Jones
fix plain-textability
Richard Jones
tweaks
Richard Jones
improved password reset with no emailing of passwords
Richard Jones
clarify passlib configuration; fix grammaro
Richard Jones
Merged in dstufft/pypi/passlib (pull request #3) Migrate PyPI to use passlib to store passwords
Donald Stufft
Update README to document the new dependencies
Branches
passlib
Donald Stufft
Include a migration path for moving legacy users to a stronger hash * Includes a method for hashing the sha1 passwords with bcrypt to increase their security * bcrypt_sha1 will upgrade to standard bcrypt as per usual with passlib * Provides a script that migrates 20 users at a time to bcrypt_sha1 Migration script was modified from one written by Giovanni Bajo
Branches
passlib
Donald Stufft
Rewrite password hashing to utilize passlib + bcrypt * Upon logging in the existing unsalted sha1 passwords will be upgraded to bcrypt * PyPI will prefer using cookie auth to prevent needing to do bcrypt on every request * Load passlib configuration from the existing config.ini file
Branches
passlib
Richard Jones
re-word to get us back to 4 lines of text in the box
Richard Jones
correct
Richard Jones
better wording
Richard Jones
typo
  1. Prev
  2. Next