anoopmb
/
frappe
1
0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
12454 Revīzijas
1 Atzars
314 MiB
Koks: 6fbe20caaa
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '6fbe20caaa'
${ noResults }
frappe/frappe/utils/password.py

password.py 4.3 KiB
Neapstrādāts Parastais skats Vēsture

[security] encrypt passwords that need to be retrievable, except User password which should be hashed
pirms 9 gadiem
[fix] [patch] password.py
pirms 9 gadiem
Except and raise statement python 3 compatible style (#3216) * changes exception and raise statements to python 3 style * changes except statement to python 3 style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * changes except and raise statement to python 3 compatible style * adds six.reraise to fix python 3 style raise statements with traceback * fixes indentation
pirms 8 gadiem
[fix] [patch] password.py
pirms 9 gadiem
[security] encrypt passwords that need to be retrievable, except User password which should be hashed
pirms 9 gadiem
[fix] rename password field
pirms 9 gadiem
[security] encrypt passwords that need to be retrievable, except User password which should be hashed
pirms 9 gadiem
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112 
  1. # Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors

  2. # MIT License. See license.txt

  3. 

  4. from __future__ import unicode_literals

  5. import frappe

  6. from frappe import _

  7. from frappe.utils import cstr, encode

  8. from cryptography.fernet import Fernet

  9. 

  10. def get_decrypted_password(doctype, name, fieldname='password', raise_exception=True):

  11. 	auth = frappe.db.sql('''select `password` from `__Auth`

  12. 		where doctype=%(doctype)s and name=%(name)s and fieldname=%(fieldname)s and encrypted=1''',

  13. 		{ 'doctype': doctype, 'name': name, 'fieldname': fieldname })

  14. 

  15. 	if auth and auth[0][0]:

  16. 		return decrypt(auth[0][0])

  17. 

  18. 	elif raise_exception:

  19. 		frappe.throw(_('Password not found'), frappe.AuthenticationError)

  20. 

  21. def set_encrypted_password(doctype, name, pwd, fieldname='password'):

  22. 	frappe.db.sql("""insert into __Auth (doctype, name, fieldname, `password`, encrypted)

  23. 		values (%(doctype)s, %(name)s, %(fieldname)s, %(pwd)s, 1)

  24. 		on duplicate key update `password`=%(pwd)s, encrypted=1""",

  25. 		{ 'doctype': doctype, 'name': name, 'fieldname': fieldname, 'pwd': encrypt(pwd) })

  26. 

  27. def check_password(user, pwd, doctype='User', fieldname='password'):

  28. 	'''Checks if user and password are correct, else raises frappe.AuthenticationError'''

  29. 

  30. 	auth = frappe.db.sql("""select name, `password`, salt from `__Auth`

  31. 		where doctype=%(doctype)s and name=%(name)s and fieldname=%(fieldname)s and encrypted=0

  32. 		and (

  33. 			(salt is null and `password`=password(%(pwd)s))

  34. 			or `password`=password(concat(%(pwd)s, salt))

  35. 		)""",{ 'doctype': doctype, 'name': user, 'fieldname': fieldname, 'pwd': pwd }, as_dict=True)

  36. 

  37. 	if not auth:

  38. 		raise frappe.AuthenticationError('Incorrect User or Password')

  39. 

  40. 	salt = auth[0].salt

  41. 	if not salt:

  42. 		# sets salt and updates password

  43. 		update_password(user, pwd, doctype, fieldname)

  44. 

  45. 	# lettercase agnostic

  46. 	user = auth[0].name

  47. 

  48. 	return user

  49. 

  50. def update_password(user, pwd, doctype='User', fieldname='password'):

  51. 	salt = frappe.generate_hash()

  52. 

  53. 	frappe.db.sql("""insert into __Auth (doctype, name, fieldname, `password`, salt, encrypted)

  54. 		values (%(doctype)s, %(name)s, %(fieldname)s, password(concat(%(pwd)s, %(salt)s)), %(salt)s, 0)

  55. 		on duplicate key update

  56. 			`password`=password(concat(%(pwd)s, %(salt)s)), salt=%(salt)s, encrypted=0""",

  57. 		{ 'doctype': doctype, 'name': user, 'fieldname': fieldname, 'pwd': pwd, 'salt': salt })

  58. 

  59. def delete_all_passwords_for(doctype, name):

  60. 	try:

  61. 		frappe.db.sql("""delete from __Auth where doctype=%(doctype)s and name=%(name)s""",

  62. 			{ 'doctype': doctype, 'name': name })

  63. 	except Exception as e:

  64. 		if e.args[0]!=1054:

  65. 			raise

  66. 

  67. def rename_password(doctype, old_name, new_name):

  68. 	# NOTE: fieldname is not considered, since the document is renamed

  69. 	frappe.db.sql("""update __Auth set name=%(new_name)s

  70. 		where doctype=%(doctype)s and name=%(old_name)s""",

  71. 		{ 'doctype': doctype, 'new_name': new_name, 'old_name': old_name })

  72. 

  73. def rename_password_field(doctype, old_fieldname, new_fieldname):

  74. 	frappe.db.sql('''update `__Auth` set fieldname=%(new_fieldname)s

  75. 		where doctype=%(doctype)s and fieldname=%(old_fieldname)s''',

  76. 		{ 'doctype': doctype, 'old_fieldname': old_fieldname, 'new_fieldname': new_fieldname })

  77. 

  78. def create_auth_table():

  79. 	# same as Framework.sql

  80. 	frappe.db.sql_ddl("""create table if not exists __Auth (

  81. 			`doctype` VARCHAR(140) NOT NULL,

  82. 			`name` VARCHAR(255) NOT NULL,

  83. 			`fieldname` VARCHAR(140) NOT NULL,

  84. 			`password` VARCHAR(255) NOT NULL,

  85. 			`salt` VARCHAR(140),

  86. 			`encrypted` INT(1) NOT NULL DEFAULT 0,

  87. 			PRIMARY KEY (`doctype`, `name`, `fieldname`)

  88. 		) ENGINE=InnoDB ROW_FORMAT=COMPRESSED CHARACTER SET=utf8mb4 COLLATE=utf8mb4_unicode_ci""")

  89. 

  90. def encrypt(pwd):

  91. 	if len(pwd) > 100:

  92. 		# encrypting > 100 chars will lead to truncation

  93. 		frappe.throw(_('Password cannot be more than 100 characters long'))

  94. 

  95. 	cipher_suite = Fernet(encode(get_encryption_key()))

  96. 	cipher_text = cstr(cipher_suite.encrypt(encode(pwd)))

  97. 	return cipher_text

  98. 

  99. def decrypt(pwd):

  100. 	cipher_suite = Fernet(encode(get_encryption_key()))

  101. 	plain_text = cstr(cipher_suite.decrypt(encode(pwd)))

  102. 	return plain_text

  103. 

  104. def get_encryption_key():

  105. 	from frappe.installer import update_site_config

  106. 

  107. 	if 'encryption_key' not in frappe.local.conf:

  108. 		encryption_key = Fernet.generate_key()

  109. 		update_site_config('encryption_key', encryption_key)

  110. 		frappe.local.conf.encryption_key = encryption_key

  111. 

  112. 	return frappe.local.conf.encryption_key