Merge pull request #246 from trnila/configurable-crypt-scheme

Configurable default password scheme used for passwords
master
kaiyou 7 years ago committed by GitHub
commit 213ee1d8b6

@ -32,6 +32,10 @@ POSTMASTER=admin
# Docker-compose project name, this will prepended to containers names. # Docker-compose project name, this will prepended to containers names.
COMPOSE_PROJECT_NAME=mailu COMPOSE_PROJECT_NAME=mailu
# Default password scheme used for newly created accounts and changed passwords
# (value: SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT)
PASSWORD_SCHEME=SHA512-CRYPT
################################### ###################################
# Optional features # Optional features
################################### ###################################

@ -30,7 +30,8 @@ default_config = {
'BABEL_DEFAULT_LOCALE': 'en', 'BABEL_DEFAULT_LOCALE': 'en',
'BABEL_DEFAULT_TIMEZONE': 'UTC', 'BABEL_DEFAULT_TIMEZONE': 'UTC',
'ENABLE_CERTBOT': False, 'ENABLE_CERTBOT': False,
'CERTS_PATH': '/certs' 'CERTS_PATH': '/certs',
'PASSWORD_SCHEME': 'SHA512-CRYPT'
} }
# Load configuration from the environment if available # Load configuration from the environment if available

@ -169,14 +169,14 @@ class User(Base, Email):
'CRYPT': "des_crypt"} 'CRYPT': "des_crypt"}
pw_context = context.CryptContext( pw_context = context.CryptContext(
schemes = scheme_dict.values(), schemes = scheme_dict.values(),
default='sha512_crypt', default=scheme_dict[app.config['PASSWORD_SCHEME']],
) )
def check_password(self, password): def check_password(self, password):
reference = re.match('({[^}]+})?(.*)', self.password).group(2) reference = re.match('({[^}]+})?(.*)', self.password).group(2)
return User.pw_context.verify(password, reference) return User.pw_context.verify(password, reference)
def set_password(self, password, hash_scheme='SHA512-CRYPT', raw=False): def set_password(self, password, hash_scheme=app.config['PASSWORD_SCHEME'], raw=False):
"""Set password for user with specified encryption scheme """Set password for user with specified encryption scheme
@password: plain text password to encrypt (if raw == True the hash itself) @password: plain text password to encrypt (if raw == True the hash itself)
""" """

@ -1,4 +1,4 @@
from mailu import manager, db from mailu import app, manager, db
from mailu.admin import models from mailu.admin import models
@ -35,7 +35,7 @@ def admin(localpart, domain_name, password):
@manager.command @manager.command
def user(localpart, domain_name, password, hash_scheme='SHA512-CRYPT'): def user(localpart, domain_name, password, hash_scheme=app.config['PASSWORD_SCHEME']):
""" Create a user """ Create a user
""" """
domain = models.Domain.query.get(domain_name) domain = models.Domain.query.get(domain_name)
@ -52,7 +52,7 @@ def user(localpart, domain_name, password, hash_scheme='SHA512-CRYPT'):
db.session.commit() db.session.commit()
@manager.command @manager.command
def user_import(localpart, domain_name, password_hash, hash_scheme='SHA512-CRYPT'): def user_import(localpart, domain_name, password_hash, hash_scheme=app.config['PASSWORD_SCHEME']):
""" Import a user along with password hash. Available hashes: """ Import a user along with password hash. Available hashes:
'SHA512-CRYPT' 'SHA512-CRYPT'
'SHA256-CRYPT' 'SHA256-CRYPT'

Loading…
Cancel
Save