
openerp-community-reviewer team mailing list archive

[Merge] lp:~camptocamp/ocb-addons/improve_auth_crypt-nbi into lp:ocb-addons

 

Nicolas Bessi - Camptocamp has proposed merging lp:~camptocamp/ocb-addons/improve_auth_crypt-nbi into lp:ocb-addons.

Commit message:
[IMP] Add an init function on res.users to encrypt all passwords when installing module and avoid plain password for deactivated users.

Requested reviews:
  Nicolas Bessi - Camptocamp (nbessi-c2c)
  Stefan Rijnhart (Therp) (stefan-therp)
  Alexandre Fayolle - camptocamp (alexandre-fayolle-c2c): code review, no test
Related bugs:
  Bug #1280152 in OpenERP Addons: "[7.0]Auth crypt encrypts passwords lazily and deactivated users will never have password encrypted"
  https://bugs.launchpad.net/openobject-addons/+bug/1280152

For more details, see:
https://code.launchpad.net/~camptocamp/ocb-addons/improve_auth_crypt-nbi/+merge/206364

(Improve module auth_crypt use sha256 by default to encrypt password. The modification keeps retro compatibility.) REMOVED as OpenERP will not merge this part

Add an init function on res.users to encrypt all passwords when installing module and avoid plain password for deactivated users.
-- 
https://code.launchpad.net/~camptocamp/ocb-addons/improve_auth_crypt-nbi/+merge/206364
Your team OpenERP Community Backports Team is subscribed to branch lp:ocb-addons.
=== modified file 'auth_crypt/auth_crypt.py'
--- auth_crypt/auth_crypt.py	2013-08-12 10:29:50 +0000
+++ auth_crypt/auth_crypt.py	2014-03-18 09:42:44 +0000
@@ -117,6 +117,18 @@
 class res_users(osv.osv):
     _inherit = "res.users"
 
+    def init(self, cr):
+        """Encrypt all passwords at module installation"""
+        cr.execute("SELECT id, password FROM res_users WHERE password != ''",)
+        to_encrypt = cr.fetchall()
+        if to_encrypt:
+            for user in to_encrypt:
+                salt = gen_salt()
+                stored_password_crypt = md5crypt(user[1], salt)
+                cr.execute("UPDATE res_users SET password='', password_crypt=%s WHERE id=%s",
+                           (stored_password_crypt, user[0]))
+        return True
+
     def set_pw(self, cr, uid, id, name, value, args, context):
         if value:
             encrypted = md5crypt(value, gen_salt())
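
Review bot: In init(), the "if to_encrypt:" guard is redundant, because looping over an empty fetchall() result already does nothing; drop it and unpack each row (for user_id, password in cr.fetchall():) rather than indexing user[0] and user[1]. The cr.execute() call for the SELECT also has a stray trailing comma after the query string. The docstring says only "Encrypt all passwords at module installation"; it should also state that the plain password column is blanked by the UPDATE and that the SELECT deliberately has no filter on user state, since covering deactivated users is the stated purpose of the change.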

