author | Marcin Kuzminski <marcin@python-works.com> | 2010-11-24 03:38:48 +0100 |
---|---|---|
committer | Marcin Kuzminski <marcin@python-works.com> | 2010-11-24 03:38:48 +0100 |
commit | cf4a0889aa08758771ad7b24447edf18f87df35b (patch) | |
tree | 0bba81fdc916f2544c23a5b0dd11c67b6774375e /rhodecode/model/user.py | |
parent | 81264ec066856c3f30cbd6e8b1326ad2add6a859 (diff) |
fixed security issue when saving ldap user saved plaintext password
--HG--
branch : beta
Diffstat (limited to 'rhodecode/model/user.py')
-rw-r--r-- | rhodecode/model/user.py | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/rhodecode/model/user.py b/rhodecode/model/user.py index d266fff3..0787483d 100644 --- a/rhodecode/model/user.py +++ b/rhodecode/model/user.py @@ -28,6 +28,7 @@ from rhodecode.model.caching_query import FromCache from rhodecode.model.db import User from rhodecode.model.meta import Session from rhodecode.lib.exceptions import * + import logging import traceback @@ -49,7 +50,7 @@ class UserModel(object): def get_by_username(self, username, cache=False, case_insensitive=False): - + if case_insensitive: user = self.sa.query(User).filter(User.username.ilike(username)) else: @@ -80,12 +81,12 @@ class UserModel(object): :param username: :param password: """ - + from rhodecode.lib.auth import get_crypt_password if self.get_by_username(username) is None: try: new_user = User() new_user.username = username - new_user.password = password + new_user.password = get_crypt_password(password) new_user.email = '%s@ldap.server' % username new_user.active = True new_user.is_ldap = True |
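Review bot: The switch to `new_user.password = get_crypt_password(password)` in the third hunk only protects accounts created from now on, because this branch runs only when `self.get_by_username(username) is None`. LDAP users saved by the earlier code would still hold the plaintext value, and nothing in this commit rewrites or blanks those rows, so a one-off cleanup is needed and the affected directory passwords should be treated as exposed. It is also worth asking whether a copy of the directory password should be kept locally at all: even hashed it is an offline-guessable copy that goes stale when the LDAP password changes, so if the column merely has to be non-empty, a random unusable value would be safer. That depends on how the login path uses the field and on what `get_crypt_password` computes, neither of which is visible here. The function-scope import deserves a short comment, for example `# local import: rhodecode.lib.auth imports this module` if a circular import is the reason; the enclosing method starts above the hunk and continues past it.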