1497 raise AuthenticationError('bad password') |
1497 raise AuthenticationError('bad password') |
1498 # passwords are stored using the Bytes type, so we get a StringIO |
1498 # passwords are stored using the Bytes type, so we get a StringIO |
1499 args['pwd'] = Binary(crypt_password(password, pwd.getvalue())) |
1499 args['pwd'] = Binary(crypt_password(password, pwd.getvalue())) |
1500 # get eid from login and (crypted) password |
1500 # get eid from login and (crypted) password |
1501 rset = self.source.syntax_tree_search(cnx, self._auth_rqlst, args) |
1501 rset = self.source.syntax_tree_search(cnx, self._auth_rqlst, args) |
|
1502 pwd = args['pwd'] |
1502 try: |
1503 try: |
1503 user = rset[0][0] |
1504 user = rset[0][0] |
1504 # If the stored hash uses a deprecated scheme (e.g. DES or MD5 used |
1505 # If the stored hash uses a deprecated scheme (e.g. DES or MD5 used |
1505 # before 3.14.7), update with a fresh one |
1506 # before 3.14.7), update with a fresh one |
1506 if pwd.getvalue(): |
1507 if pwd is not None and pwd.getvalue(): |
1507 verify, newhash = verify_and_update(password, pwd.getvalue()) |
1508 verify, newhash = verify_and_update(password, pwd.getvalue()) |
1508 if not verify: # should not happen, but... |
1509 if not verify: # should not happen, but... |
1509 raise AuthenticationError('bad password') |
1510 raise AuthenticationError('bad password') |
1510 if newhash: |
1511 if newhash: |
1511 cnx.system_sql("UPDATE %s SET %s=%%(newhash)s WHERE %s=%%(login)s" % ( |
1512 cnx.system_sql("UPDATE %s SET %s=%%(newhash)s WHERE %s=%%(login)s" % ( |