Vue de modification du mdp

10 years ago · d55cea6b5c
3 changed files with 42 additions and 3 deletions
--- a/re2o/login.py
+++ b/re2o/login.py
@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# Module d'authentification
+# David Sinquin, Gabriel Détraz, Goulven Kermarec
+
+import hashlib, binascii
+import os
+from base64 import urlsafe_b64encode as encode
+from base64 import urlsafe_b64decode as decode
+
+def makeSecret(password):
+    salt = os.urandom(4)
+    h = hashlib.sha1(password.encode())
+    h.update(salt)
+    return "{SSHA}" + encode(h.digest() + salt).decode()
+
+def hashNT(password):
+    hash = hashlib.new('md4', password.encode()).digest()
+    return binascii.hexlify(hash)
+
+def checkPassword(challenge_password, password):
+    challenge_bytes = decode(challenge_password[6:])
+    digest = challenge_bytes[:20]
+    salt = challenge_bytes[20:]
+    hr = hashlib.sha1(password.encode())
+    hr.update(salt)
+    valid_password = True
+    # La comparaison est volontairement en temps constant (pour éviter les timing-attacks)
+    for i, j in zip(digest, hr.digest()):
+        valid_password &= i == j
+    return valid_password
--- a/users/forms.py
+++ b/users/forms.py
@ -5,4 +5,5 @@ from django import forms


 class PassForm(forms.Form):
-    passwd = forms.CharField(label=u'Nouveau mot de passe', max_length=255, widget=forms.PasswordInput)
+    passwd1 = forms.CharField(label=u'Nouveau mot de passe', max_length=255, widget=forms.PasswordInput)
+    passwd2 = forms.CharField(label=u'Saisir à nouveau le mot de passe', max_length=255, widget=forms.PasswordInput)
--- a/users/views.py
+++ b/users/views.py
@ -10,6 +10,8 @@ from django.contrib import messages
 from users.models import User, UserForm, InfoForm, PasswordForm, StateForm
 from users.forms  import PassForm

+from re2o.login import makeSecret, hashNT
+
 def form(ctx, template, request):
    c = ctx
    c.update(csrf(request))
@ -55,7 +57,13 @@ def password(request, userid):
        return redirect("/users/")
    user_form = PassForm(request.POST or None)
    if user_form.is_valid():
-        user.pwd_ssha = user_form.cleaned_data['passwd']
-        user.pwd_ntlm = user_form.cleaned_data['passwd'] 
+        if user_form.cleaned_data['passwd1'] != user_form.cleaned_data['passwd2']:
+            messages.error(request, u"Les 2 mots de passe différent" )
+            return form({'userform': user_form}, 'users/user.html', request)
+        user.pwd_ssha = makeSecret(user_form.cleaned_data['passwd1'])
+        user.pwd_ntlm = hashNT(user_form.cleaned_data['passwd1'])
        user.save()
    return form({'userform': user_form}, 'users/user.html', request)
+
+def index(request):
+    return render(request, 'users/index.html')