fixed security issue when saving ldap user saved plaintext password

--HG-- branch : beta
author: Marcin Kuzminski <marcin@python-works.com> 2010-11-24 03:38:48 +0100
committer: Marcin Kuzminski <marcin@python-works.com> 2010-11-24 03:38:48 +0100
commit: cf4a0889aa08758771ad7b24447edf18f87df35b (patch)
tree: 0bba81fdc916f2544c23a5b0dd11c67b6774375e /rhodecode/model/user.py
parent: 81264ec066856c3f30cbd6e8b1326ad2add6a859 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/rhodecode/model/user.py b/rhodecode/model/user.py
index d266fff3..0787483d 100644
--- a/rhodecode/model/user.py
+++ b/rhodecode/model/user.py
@@ -28,6 +28,7 @@ from rhodecode.model.caching_query import FromCache
 from rhodecode.model.db import User
 from rhodecode.model.meta import Session
 from rhodecode.lib.exceptions import *
+
 import logging
 import traceback
 
@@ -49,7 +50,7 @@ class UserModel(object):
 
 
     def get_by_username(self, username, cache=False, case_insensitive=False):
-        
+
         if case_insensitive:
             user = self.sa.query(User).filter(User.username.ilike(username))
         else:
@@ -80,12 +81,12 @@ class UserModel(object):
         :param username:
         :param password:
         """
-
+        from rhodecode.lib.auth import get_crypt_password
         if self.get_by_username(username) is None:
             try:
                 new_user = User()
                 new_user.username = username
-                new_user.password = password
+                new_user.password = get_crypt_password(password)
                 new_user.email = '%s@ldap.server' % username
                 new_user.active = True
                 new_user.is_ldap = True
author	Marcin Kuzminski <marcin@python-works.com>	2010-11-24 03:38:48 +0100
committer	Marcin Kuzminski <marcin@python-works.com>	2010-11-24 03:38:48 +0100
commit	cf4a0889aa08758771ad7b24447edf18f87df35b (patch)
tree	0bba81fdc916f2544c23a5b0dd11c67b6774375e /rhodecode/model/user.py
parent	81264ec066856c3f30cbd6e8b1326ad2add6a859 (diff)