Revert "In fact it could be global"

This reverts commit f52984e4c3.
master
Florent Daigniere 4 years ago
parent feff121a9b
commit 875308d405

@ -17,7 +17,7 @@ import dns
db = flask_sqlalchemy.SQLAlchemy() db = flask_sqlalchemy.SQLAlchemy()
_credential_cache = {}
class IdnaDomain(db.TypeDecorator): class IdnaDomain(db.TypeDecorator):
""" Stores a Unicode string in it's IDNA representation (ASCII only) """ Stores a Unicode string in it's IDNA representation (ASCII only)
@ -383,7 +383,7 @@ class User(Base, Email):
return User._ctx return User._ctx
def check_password(self, password): def check_password(self, password):
cache_result = _credential_cache.get(self.get_id()) cache_result = self._credential_cache.get(self.get_id())
current_salt = self.password.split('$')[3] if len(self.password.split('$')) == 5 else None current_salt = self.password.split('$')[3] if len(self.password.split('$')) == 5 else None
if cache_result and current_salt: if cache_result and current_salt:
cache_salt, cache_hash = cache_result cache_salt, cache_hash = cache_result
@ -392,7 +392,7 @@ class User(Base, Email):
else: else:
# the cache is local per gunicorn; the password has changed # the cache is local per gunicorn; the password has changed
# so the local cache can be invalidated # so the local cache can be invalidated
del _credential_cache[self.get_id()] del self._credential_cache[self.get_id()]
reference = self.password reference = self.password
# strip {scheme} if that's something mailu has added # strip {scheme} if that's something mailu has added
@ -418,7 +418,7 @@ we have little control over GC and string interning anyways.
An attacker that can dump the process' memory is likely to find credentials An attacker that can dump the process' memory is likely to find credentials
in clear-text regardless of the presence of the cache. in clear-text regardless of the presence of the cache.
""" """
_credential_cache[self.get_id()] = (self.password.split('$')[3], hash.pbkdf2_sha256.using(rounds=1).hash(password)) self._credential_cache[self.get_id()] = (self.password.split('$')[3], hash.pbkdf2_sha256.using(rounds=1).hash(password))
return result return result
def set_password(self, password, hash_scheme=None, raw=False): def set_password(self, password, hash_scheme=None, raw=False):

Loading…
Cancel
Save