[Moin-user] [bug] [moin2] Password encoding on new user creation
Pavel Vinogradov
Pavel.Vinogradov at nixdev.net
Wed Jan 5 11:46:08 EST 2011
Hello.
During work on implementing SSHA256 password encoding for Moin 2.0 i
found small bug in user creation code.
File user.py contain create_user function:
user.py:69
http://bpaste.net/show/12713/
This code encode received password before creating new user. It seems
ok, but this function is used only from
apps/frontend/views.py:589
http://bpaste.net/show/12714/
This function get all arguments from html form, filled by user. But
user newer fill encoded password in browser.
If user create new account with password '{SHA}{SHA}' and all go ok.
But user can't auth with this password and get error:
KeyError: 'enc_password'
It seems like condition 'not password.startswith('{SHA}')' in
create_user function is not nedded.
--
Pavel Vinogradov
More information about the Moin-user
mailing list