Merge lp:~camptocamp/openobject-addons/improve_auth_crypt_3_please_launchpad_work-nbi into lp:openobject-addons/7.0
Proposed by
Nicolas Bessi - Camptocamp
Status: | Merged |
---|---|
Merge reported by: | Olivier Dony (Odoo) |
Merged at revision: | not available |
Proposed branch: | lp:~camptocamp/openobject-addons/improve_auth_crypt_3_please_launchpad_work-nbi |
Merge into: | lp:openobject-addons/7.0 |
Diff against target: |
67 lines (+30/-6) 1 file modified
auth_crypt/auth_crypt.py (+30/-6) |
To merge this branch: | bzr merge lp:~camptocamp/openobject-addons/improve_auth_crypt_3_please_launchpad_work-nbi |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Olivier Dony (Odoo) | Needs Fixing | ||
Review via email: mp+206476@code.launchpad.net |
Commit message
[IMP] Add an init function on res.users to encrypt all passwords when installing module and avoid plain passwords for deactivated users.
Description of the change
([IMP] module auth_crypt use sha256 by default to encrypt password. The modification keeps retro compatibility.) REMOVED as disscussed with Olivier
[IMP] Add an init function on res.users to encrypt all passwords when installing module and avoid plain password for deactivated users.
To post a comment you must log in.
Hi,
As discussed in bug 1280152 comments, we should consider these as 2 separate issues, so this MP could start by dealing with the first one (the lazy password encryption issue).
For this part, your init() method looks fine, but there are already multiple instances of the salting+hashing dance. As you're adding one more, it seems a good opportunity to refactor a bit and extract that pattern into a private method, something like:
def _set_user_ password( self, cr, uid, user_id, password, context=None): execute( "UPDATE res_users SET password='', password_crypt=%s WHERE id=%s",
(password_ hash, user_id))
password_hash = md5_crypt(password, gen_salt()) # TODO: update default algo in trunk
cr.
Thanks!