Calin Furau avatar Calin Furau committed 603d7a9

Added bcrypt migration functionality.


Files changed (2)

django_bcrypt/models.py

     return True
 
 
+def migrate_to_bcrypt():
+    """Returns ``True`` if password migration is activated. """
+    migrated = getattr(settings, "BCRYPT_MIGRATE", False)
+    if not migrated:
+        return False
+    return True
+
+
 def bcrypt_check_password(self, raw_password):
     """
     Returns a boolean of whether the *raw_password* was correct.
 
-    Attempts to validate with bcrypt, but falls back to Django's
-    ``User.check_password()`` if the hash is incorrect.
+    If bcrypt migration is activated, validate password only
+    with bcrypt. If not, attempt to validate with bcrypt, but fall back
+    to Django's ``User.check_password()`` if the hash is incorrect.
     """
-    if self.password.startswith('bc$'):
-        salt_and_hash = self.password[3:]
-        return bcrypt.hashpw(raw_password, salt_and_hash) == salt_and_hash
-    return _check_password(self, raw_password)
+    if migrate_to_bcrypt:
+        if self.password.startswith('sha1$')
+            and _check_password(self, raw_password):
+            bcrypt_set_password(self, raw_password)
+            return bcrypt.hashpw(raw_password, salt_and_hash) == salt_and_hash
+        elif self.password.startswith('bc$'):
+            salt_and_hash = self.password[3:]
+            return bcrypt.hashpw(raw_password, salt_and_hash) == salt_and_hash
+        return _check_password(self, raw_password)
+    else:
+        if self.password.startswith('bc$'):
+            salt_and_hash = self.password[3:]
+            return bcrypt.hashpw(raw_password, salt_and_hash) == salt_and_hash
+        return _check_password(self, raw_password)
 _check_password = User.check_password
 User.check_password = bcrypt_check_password
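Review bot: `if migrate_to_bcrypt:` in `bcrypt_check_password` tests the function object instead of calling it, so the migration branch is always taken and `BCRYPT_MIGRATE = False` has no effect; it should read `if migrate_to_bcrypt():`. In the `sha1$` branch the condition is split across two lines without parentheses (a syntax error as shown), and the `return` reads `salt_and_hash` before it is assigned; since `_check_password` has already verified the password there, the branch can return `True` after re-hashing. The new docstring says a migrated install validates only with bcrypt, yet the branch still falls back to `_check_password`, so one of the two should change. Whether the upgraded hash is persisted depends on `bcrypt_set_password`, whose body is outside this section; if it does not save the user, the legacy SHA-1 hash stays in the database. A flattened body that keeps the fallback is sketched below.

```python
def bcrypt_check_password(self, raw_password):
    # … unchanged: docstring …
    if self.password.startswith('bc$'):
        salt_and_hash = self.password[3:]
        return bcrypt.hashpw(raw_password, salt_and_hash) == salt_and_hash
    if not _check_password(self, raw_password):
        return False
    if migrate_to_bcrypt() and self.password.startswith('sha1$'):
        # The legacy hash has just verified the password, so it is safe to
        # replace it with a bcrypt hash of the same password.
        bcrypt_set_password(self, raw_password)
    return True
```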
 

django_bcrypt/tests.py

         password_12 = user.password
         self.assertTrue(bcrypt_check_password(user, 'password'))
 
+    def test_migrated_password(self):
+        user = User()
+        with settings(BCRYPT_MIGRATE=True):
+            bcrypt_set_password(user, 'password')
+        self.assertTrue(bcrypt_check_password(user, 'password'))
+
+    def test_non_migrated_password(self):
+        user = User()
+        with settings(BCRYPT_MIGRATE=False):
+            _set_password(user, 'password')
+        self.assertTrue(bcrypt_check_password(user, 'password'))
+        self.assertFalse(bcrypt_check_password(user, 'invalid'))
+
 
 class SetPasswordTest(TestCase):
     def assertBcrypt(self, hashed, password):
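Review bot: Neither new test exercises the migration path: in `test_migrated_password` the `with settings(BCRYPT_MIGRATE=True)` block closes before `bcrypt_check_password` is called, and the user already holds a bcrypt hash, so nothing is upgraded. A test is needed that starts from a legacy hash, checks the password with the setting enabled, and asserts that `user.password` then starts with `bc$`, plus the negative case that a wrong password leaves the stored hash untouched. The sketch below assumes `_set_password` is Django's original `set_password` and produces a `sha1$` hash, which is not visible in this section.

```python
    def test_sha1_hash_is_upgraded_on_check(self):
        user = User()
        _set_password(user, 'password')
        legacy_hash = user.password
        with settings(BCRYPT_MIGRATE=True):
            # A failed check must not touch the stored hash.
            self.assertFalse(bcrypt_check_password(user, 'invalid'))
            self.assertEqual(user.password, legacy_hash)
            self.assertTrue(bcrypt_check_password(user, 'password'))
        self.assertTrue(user.password.startswith('bc$'))
```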