Aussi, j'ai déplacé la logique d'encryption du mot de passe dans le modèle.
class CascadeBackend(ModelBackend):
def authenticate(self, username=None, password=None):
user = None
-
email = username
- md5pass = hashlib.md5(password).hexdigest ()
# Cherche les comptes roa+locaux
remoteUser = localUser = None
try:
- if settings.AUTH_PASSWORD_REQUIRED:
- remoteUser = RemoteUser.objects.get (courriel=email, password=md5pass)
- else:
- remoteUser = RemoteUser.objects.get (courriel=email)
+ remoteUser = RemoteUser.objects.get(courriel=email)
+ if settings.AUTH_PASSWORD_REQUIRED and not remoteUser.check_password(password):
+ remoteUser = None
except:
pass
try:
if not settings.AUTH_PASSWORD_REQUIRED:
if remoteUser and not localUser:
localUser = DjangoUser (username = username,
- email = email,
- first_name = remoteUser.prenom,
- last_name = remoteUser.nom,
- is_staff = settings.USERS_AS_STAFF,
- is_active = True,
- is_superuser = False)
+ email = username,
+ first_name = remoteUser.prenom,
+ last_name = remoteUser.nom,
+ is_staff = settings.USERS_AS_STAFF,
+ is_active = True,
+ is_superuser = False)
localUser.set_password (password)
localUser.save ()
user = localUser
class Meta(PersonneForm.Meta):
fields = ('nom', 'prenom', 'courriel', 'password', 'password_confirmation', 'genre')
- def clean_password(self):
- """Encrypter le mot de passe avant de le mettre dans la BD."""
- self.clear_password = self.cleaned_data['password']
- return hashlib.md5(self.cleaned_data['password']).hexdigest()
-
def clean_password_confirmation(self):
"""S'assurer que le mot de passe et la confirmation sont identiques."""
password = self.cleaned_data.get('password')
- confirmation = hashlib.md5(self.cleaned_data['password_confirmation']).hexdigest()
+ confirmation = self.cleaned_data.get('password_confirmation')
if password != confirmation:
raise forms.ValidationError('Les deux mots de passe ne correspondent pas.')
- return self.cleaned_data['password_confirmation']
+ return confirmation
+
+ def save(self):
+ self.instance.set_password(self.cleaned_data['password'])
+ return super(PersonneInscriptionForm, self).save()
class ChercheurForm(forms.ModelForm):
"""Formulaire d'édition d'un chercheur."""
personne_form_class = PersonneInscriptionForm if chercheur is None else PersonneForm
self.chercheur = ChercheurForm(data=data, prefix='chercheur', instance=chercheur)
self.groupes = GroupesForm(data=data, prefix='chercheur', chercheur=chercheur)
- self.personne = personne_form_class(data=data, prefix='personne', instance=chercheur and chercheur.personne)
+ self.personne = personne_form_class(data=data, prefix='personne', instance=chercheur and chercheur.personne.utilisateur)
self.publication1 = PublicationForm(data=data, prefix='publication1', instance=chercheur and chercheur.publication1)
self.publication2 = PublicationForm(data=data, prefix='publication2', instance=chercheur and chercheur.publication2)
self.publication3 = PublicationForm(data=data, prefix='publication3', instance=chercheur and chercheur.publication3)
class NewPasswordForm(forms.Form):
password = forms.CharField(widget=forms.PasswordInput(), required=True, label="Mot de passe")
password_repeat = forms.CharField(widget=forms.PasswordInput(), required=True, label="Confirmez mot de passe")
+
def clean_password_repeat(self):
cleaned_data = self.cleaned_data
password = cleaned_data.get("password")
# -*- encoding: utf-8 -*-
+import hashlib
from django.db import models
from django.db.models import Q
+from django.utils.encoding import smart_str
from datamaster_modeles.models import *
#from auf_references_modeles.models import Thematique
from savoirs.models import Discipline, RandomQuerySetMixin
ordering = ["prenom", "nom"]
class Utilisateur(Personne):
- password = models.CharField(max_length=35, verbose_name = 'Mot de passe')
+ encrypted_password = models.CharField(db_column='password', max_length=35, verbose_name = 'Mot de passe')
+
+ def set_password(self, clear_password):
+ self.encrypted_password = self.encrypt_password(clear_password)
+
+ def check_password(self, clear_password):
+ return self.encrypted_password == self.encrypt_password(clear_password)
+
+ def encrypt_password(self, clear_password):
+ return hashlib.md5(smart_str(clear_password)).hexdigest()
+
+ def get_new_password_code(self):
+ return hashlib.md5(smart_str(u.courriel+u.encrypted_password)).hexdigest()[0:6]
class ChercheurManager(models.Manager):
form = SendPasswordForm(data=request.POST)
if form.is_valid():
u = Utilisateur.objects.get(courriel=form.cleaned_data['email'])
- code = hashlib.md5(u.courriel+u.password).hexdigest()
- code = code[0:6]
+ code = u.get_new_password_code()
link = "%s/accounts/new_password/%s/%s/" % (settings.SITE_ROOT_URL, u.courriel, code)
variables = { 'user': u,
def new_password(request, email, code):
u = Utilisateur.objects.get(courriel=email)
- original_code = hashlib.md5(u.courriel+u.password).hexdigest()
- original_code = original_code[0:6]
+ original_code = u.get_new_password_code()
message=""
if(code == original_code):
if request.method == "POST":
form = NewPasswordForm(data=request.POST)
if form.is_valid():
- new_password = form.cleaned_data['password']
- u.password = hashlib.md5(new_password).hexdigest()
+ u.set_password(form.cleaned_data['password'])
u.save()
message = "Votre mot de passe a été modifié."
else:
if request.method == "POST":
form = NewPasswordForm(data=request.POST)
if form.is_valid():
- new_password = form.cleaned_data['password']
- u.password = hashlib.md5(new_password).hexdigest()
+ u.set_password(form.cleaned_data['password'])
u.save()
message = "Votre mot de passe a été modifié."
else:
forms.save()
# login automatique
login(request, authenticate(username=forms.personne.cleaned_data['courriel'],
- password=forms.personne.clear_password))
+ password=forms.personne.cleaned_data['password']))
return HttpResponseRedirect(url('chercheurs.views.perso'))
else:
forms = ChercheurFormGroup()
projets / auf_savoirs_en_partage_django.git / commitdiff
